I have an AWS Lambda function in an Amazon Virtual Private Cloud (Amazon VPC). I want to connect the function to AWS Systems Manager Parameter Store, but I can't establish the connection. Why can't my function access Parameter Store, and how do I configure the function so that it can?
Lambda functions within an Amazon VPC don't have internet access. The network interfaces that Lambda creates within an Amazon VPC have private IP addresses, and can't use an internet gateway to gain internet access. This configuration blocks the function from accessing other AWS resources outside of the Amazon VPC, such as Parameter Store.
Note: It's a best practice to not put your Lambda function in an Amazon VPC unless the function must access other resources in the VPC.
To allow a Lambda function that's in an Amazon VPC to access Parameter Store, do one of the following:
Note: AWS PrivateLink VPC endpoints rely on DNS. If you use AWS PrivateLink, make sure that you configure the DHCP options for your Amazon VPC so that DNS is set up for it. For more information, see Using DNS with your VPC.
Configuring a Lambda function to access resources in an Amazon VPC