Granting VPC Access to Lambda Function

Answer: D.

Option A is incorrect as creating a role between Lambda and RDS will not help the function get access to the VPC and then RDS.

Option B is incorrect as creating a policy and role.

Option C is incorrect as permissions can't be assigned to a specific subnet.

Option D is CORRECT as per the developer guide.

A role needs to be created with the permissions AWSLambdaVPCAccessExecutionRole, allowing Lambda to manage network connections in the VPC.Reference:

To allow a Lambda function access to a VPC, you need to create a role with the required permissions and attach it to the Lambda function. The role needs to have the necessary permissions to access the VPC, its subnets, and any resources within the VPC, such as an RDS instance.

In this scenario, the requirement is to monitor modifications made to an RDS instance by applications. To accomplish this, you need to create a role that allows the Lambda function to access the RDS instance and its associated subnet.

Option A is partially correct, as creating a role is necessary to allow access between Lambda and RDS. However, it does not address access to the subnet.

Option B is more complete, as it includes creating a policy to define the specific permissions required by the Lambda function. The policy should allow the Lambda function to access the RDS instance and its associated subnet.

Option C is not correct, as allowing access between Lambda and the subnet alone is not sufficient to access the RDS instance.

Option D is also not correct, as allowing access between Lambda and the VPC alone is not sufficient to access the RDS instance.

Therefore, the correct answer is B: Create a Policy and a Role to allow access between Lambda and RDS.