Hello.
Do you mean you want to access the Lambda function URL privately from within your VPC?
In that case, as stated in the document below, only public access is possible, so this is currently not possible.
https://docs.aws.amazon.com/ja_jp/lambda/latest/dg/lambda-urls.html
You can access your function URL through the public Internet only. While Lambda functions do support AWS PrivateLink, function URLs do not.
You always invoke Lambda functions using the public Invoke API. Even if you use Function URL, it is public. This means that in order to invoke a function directly, you need to access the internet.
Thanks again. For example, if I invoke the Lambda from another Lambda in the same account using the boto3 library for Python, does it still traverse the public internet?
Ahh, maybe so, since Lambdas run in their own VPCs?
You need to go outside the VPC using Lambda VPC endpoint or a NAT Gateway. It uses public IP addresses, but it remains in our backbone. It does not traverse the public internet.
Hi, if what you are trying to achieve is to invoke your second Lambda function without using the public service endpoint, you can create a VPC interface endpoint to the Lambda service in your VPC 1 to communicate with the Lambda service (to invoke other functions). As your Lambda 1 is configured to access your VPC, you can use the AWS SDK (boto3 in Python) to invoke your Lambda 2 and use the created private endpoint when creating the Lambda client in your code, passing the private endpoint in the endpoint_url parameter. Please take into account that when invoking a Lambda function in another account using the AWS SDK, you need to use AWS STS (Security Token Service) from within your code in order to assume a role in the second account that gives you permissions to execute the second Lambda function. Additionally, when using VPC endpoints, PrivateLink fees apply. Please check:
https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc-endpoints.html
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/core/session.html (check here the endpoint_url parameter)
https://aws.amazon.com/privatelink/pricing/
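The approach described in this answer, as an added example that is not part of the original answer: a boto3 Lambda client pinned to the VPC interface endpoint, with an optional STS role assumption for the cross-account case. The endpoint URL, function ARN and role ARN are constructed placeholders, and `lambda_client_kwargs` and `invoke_privately` are hypothetical helper names.

```python
import json
import re

# Constructed placeholders (assumptions, not values from this thread).
VPCE_URL = "https://vpce-0123456789abcdef0-abcd1234.lambda.us-east-1.vpce.amazonaws.com"
TARGET_ARN = "arn:aws:lambda:us-east-1:111122223333:function:lambda-2"
ROLE_ARN = "arn:aws:iam::111122223333:role/invoke-lambda-2"

# Matches HTTPS Lambda interface-endpoint DNS names only; group 1 is the region.
_VPCE_HOST = re.compile(
    r"^https://vpce-[0-9a-z-]+\.lambda\.([a-z0-9-]+)\.vpce\.amazonaws\.com/?$"
)

def lambda_client_kwargs(endpoint_url, creds=None):
    """Build boto3 client kwargs, rejecting any URL that is not an HTTPS
    Lambda interface endpoint, so a bad value cannot silently send the
    call to the public regional endpoint."""
    match = _VPCE_HOST.match(endpoint_url)
    if not match:
        raise ValueError(f"not a Lambda VPC interface endpoint: {endpoint_url!r}")
    kwargs = {"region_name": match.group(1), "endpoint_url": endpoint_url}
    if creds:  # temporary credentials returned by sts:AssumeRole
        kwargs.update(
            aws_access_key_id=creds["AccessKeyId"],
            aws_secret_access_key=creds["SecretAccessKey"],
            aws_session_token=creds["SessionToken"],
        )
    return kwargs

def invoke_privately(payload, endpoint_url=VPCE_URL, function=TARGET_ARN, role_arn=None):
    """Invoke `function` through the interface endpoint and return its JSON result."""
    import boto3  # imported here so the helper above has no dependencies

    creds = None
    if role_arn:
        region = lambda_client_kwargs(endpoint_url)["region_name"]
        # Assumption: the STS call has its own path out of the VPC
        # (an STS interface endpoint with private DNS, or a NAT gateway).
        sts = boto3.client("sts", region_name=region)
        creds = sts.assume_role(
            RoleArn=role_arn, RoleSessionName="lambda1-invokes-lambda2"
        )["Credentials"]
    client = boto3.client("lambda", **lambda_client_kwargs(endpoint_url, creds))
    resp = client.invoke(FunctionName=function, Payload=json.dumps(payload).encode())
    body = resp["Payload"].read()
    if resp.get("FunctionError"):  # the target function raised an error
        raise RuntimeError(body.decode())
    return json.loads(body) if body else None
```

For the cross-account case, call `invoke_privately(payload, role_arn=ROLE_ARN)`; the role must allow `lambda:InvokeFunction` on the target function.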
Thank you for your input. Is there any other way so that I can replace the function URL connection by a private connection through Peering?
I think it is possible to do something similar if you create a private API Gateway. https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-apis.html