Aurora MySQL DB Cluster and Lambda Function Integration

Prev Question Next Question

Question

A company has an Aurora MySQL DB cluster setup, and it needs to invoke a Lambda function.

Which of the following need to be in place for this setup to work.

(Select TWO)

Answers

A. Ensure that the Lambda function has an IAM Role assigned to it which can be used to invoke functions on Amazon Aurora.

B. Ensure that the Aurora MySQL DB cluster has an IAM Role which allows it to invoke Lambda functions.

C. Allow the Lambda function to allow outbound communication to Amazon Aurora.

D. Configure the Aurora MySQL DB cluster to allow outbound connections to the Lambda function.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Answer - B and D.

The below snapshot from the AWS Documentation shows the different steps required to ensure that the Lambda function can access Amazon Aurora.

Options A and C are incorrect since the configurations need to be the other way around.

For more information on invoking AWS Lambda using Aurora, please refer to the below URLs-

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Lambda.html#AuroraMySQL.Integrating.LambdaAccess https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Lambda.html

Giving Aurora Access to Lambda

Before you can invoke Lambda functions from an Aurora MySQL, you must first give your Aurora MySQL DB cluster permission to access
Lambda.

To give Aurora MySQL access to Lambda

1. Create an AWS Identity and Access Management (IAM) policy that provides the permissions that allow your Aurora MySQL DB cluster to
invoke Lambda functions. For instructions, see Creating an IAM Policy to Access AWS Lambda Resources.

2. Create an IAM role, and attach the IAM policy you created in Creating an IAM Policy to Access AWS Lambda Resources to the new IAM
role. For instructions, see Creating an IAM Role to Allow Amazon Aurora to Access AWS Services.

3. Set the aws_default_lambda_role DB cluster parameter to the Amazon Resource Name (ARN) of the new IAM role.
For more information about DB cluster parameters, see Amazon Aurora DB Cluster and DB Instance Parameters.

4. To permit database users in an Aurora MySQL DB cluster to invoke Lambda functions, associate the role that you created in Creating an
IAM Role to Allow Amazon Aurora to Access AWS Services with the DB cluster. For information about associating an IAM role with a DB
cluster, see Associating an IAM Role with an Amazon Aurora MySQL DB Cluster.

5. Configure your Aurora MySQL DB cluster to allow outbound connections to Lambda. For instructions, see Enabling Network
Communication from Amazon Aurora MySQL to Other AWS Services.

To invoke a Lambda function from an Aurora MySQL DB cluster, the following two things need to be in place:

A. Ensure that the Lambda function has an IAM Role assigned to it which can be used to invoke functions on Amazon Aurora. The Lambda function must have an IAM role assigned to it that allows it to access the necessary resources. This IAM role should include the AWSLambdaVPCAccessExecutionRole policy to allow it to access resources in a VPC, and the AWSLambdaRole policy to allow it to invoke other AWS services.

B. Ensure that the Aurora MySQL DB cluster has an IAM Role which allows it to invoke Lambda functions. The Aurora MySQL DB cluster needs to have an IAM role assigned to it that allows it to invoke the Lambda function. This IAM role should include the AWSLambdaRole policy to allow it to invoke Lambda functions.

Option C and D are not applicable in this scenario as they are related to network connectivity, and the communication between Aurora MySQL DB cluster and Lambda function is handled by the AWS service infrastructure.

Therefore, options A and B are the correct answers to this question.

Prev Question Next Question