I would recommend keeping the database private, attaching the function to a VPC (I assume it can't be the same VPC as the DB), and peering the two VPCs. Set a small CIDR block for the subnet that Lambda attaches to, and set the SG to allow the whole subnet.
An alternative would be to attach the function to a VPC and connect to the DB via a NAT Gateway that can have an EIP.
The NAT gateway will route the traffic to the internet through the internet gateway for calling RDS, right? How should the RDS inbound rule be configured, and from what source? I tried setting the inbound source for RDS to the EIP of the NAT Gateway from the other VPC, but it didn't work.
It should work. When you assign an EIP to a NAT Gateway, the outgoing traffic is sent from that EIP.
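An added example, not code from any poster in this thread: a small checker that shows which source addresses an RDS security group's inbound rules admit on the database port, for the two setups discussed above (the Lambda subnet CIDR with VPC peering, and the NAT Gateway EIP as a /32). The rules are constructed samples in the shape of the EC2 `DescribeSecurityGroups` `IpPermissions` field; every address, the port 5432 and the `min_prefix` threshold are assumptions.

```python
import ipaddress

# Constructed sample rules in the shape of EC2 DescribeSecurityGroups "IpPermissions".
# Assumed values: 10.1.0.0/28 is the small Lambda subnet in the peered VPC,
# 203.0.113.10 is the NAT Gateway's EIP, 5432 is the database port.
DB_PORT = 5432
PEERING_RULES = [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                  "IpRanges": [{"CidrIp": "10.1.0.0/28"}]}]
NAT_EIP_RULES = [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                  "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]
OPEN_RULES = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]


def _covers_port(perm, port):
    """True if the permission applies to TCP traffic on `port`."""
    if perm["IpProtocol"] == "-1":      # "-1" means all protocols and all ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]


def admits(permissions, source_ip, port=DB_PORT):
    """Return the CIDRs that let `source_ip` reach `port`; empty list if none."""
    src = ipaddress.ip_address(source_ip)
    return [r["CidrIp"] for p in permissions if _covers_port(p, port)
            for r in p.get("IpRanges", [])
            if src in ipaddress.ip_network(r["CidrIp"])]


def overly_broad(permissions, port=DB_PORT, min_prefix=16):
    """Return CIDRs on the DB port wider than /min_prefix (assumed threshold)."""
    return [r["CidrIp"] for p in permissions if _covers_port(p, port)
            for r in p.get("IpRanges", [])
            if ipaddress.ip_network(r["CidrIp"]).prefixlen < min_prefix]


if __name__ == "__main__":
    # For each rule set, show which source (private Lambda IP or EIP) is admitted.
    for name, rules in [("peering", PEERING_RULES), ("nat-eip", NAT_EIP_RULES),
                        ("open", OPEN_RULES)]:
        print(name,
              "| lambda private IP:", admits(rules, "10.1.0.5"),
              "| NAT EIP:", admits(rules, "203.0.113.10"),
              "| too broad:", overly_broad(rules))
```

Each rule set admits only the source it names, so the inbound rule has to match the address the database actually sees for the connection.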
Is there another way to do that? I've tried attaching my Lambda to a VPC, but it didn't work.
Please see if this helps: https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#VPCSecurityGroups