How to check an application's health API in a private EC2 with no NAT Gateway

I run the application in a private EC2 with no NAT Gateway. This application has a health check API. In this situation, I want to call the health check API with EventBridge and Lambda, and Lambda sends data to another application (on the Internet), but Lambda in a private subnet can't send data to the application. How can I solve this problem?

1 Answer
1
Accepted Answer

I can think of a couple of ways of doing this but they all boil down to (more or less) the same thing:

Have a Lambda function running on the private subnet to do the health check (that you already have); and then use a VPC Endpoint for another AWS service to send the results out from that Lambda function. You could use SNS or SQS (both of which could trigger another Lambda function directly); or you could use CloudWatch Synthetics.

Note that the VPC endpoint does introduce additional cost (but then, so does NAT Gateway) but it restricts the access from the private subnet to the service that you've created the endpoint for. You can also use an endpoint policy to further restrict access if you like.

AWS Expert, answered 1 year ago
AWS Expert, reviewed 1 year ago
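
The setup this answer describes, as an added example (not code from the original answer): a Lambda handler, scheduled by EventBridge, that probes the health API inside the VPC and publishes the result to SNS through an interface VPC endpoint, plus an endpoint policy that limits the endpoint to that one topic. The environment variable names, the private address, and the topic ARN are assumptions.

```python
import json
import os
import urllib.error
import urllib.request

# Assumed environment variable names and constructed sample values.
HEALTH_URL = os.environ.get("HEALTH_URL", "http://10.0.1.25:8080/health")
TOPIC_ARN = os.environ.get(
    "TOPIC_ARN", "arn:aws:sns:us-east-1:111122223333:health-results")  # placeholder


def probe(url, timeout=3, opener=urllib.request.urlopen):
    """Call the health API over the private network; report failure, never raise."""
    try:
        with opener(url, timeout=timeout) as resp:
            return {"url": url, "healthy": 200 <= resp.status < 300,
                    "status": resp.status}
    except urllib.error.HTTPError as exc:  # non-2xx answer from the application
        return {"url": url, "healthy": False, "status": exc.code}
    except (urllib.error.URLError, OSError) as exc:  # refused, timeout, DNS
        return {"url": url, "healthy": False, "status": None, "error": str(exc)}


def endpoint_policy(topic_arn):
    """VPC endpoint policy: the endpoint may only be used to publish to one topic."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": "*",
            "Action": "sns:Publish",
            "Resource": topic_arn,
        }],
    }


def handler(event, context, sns=None, opener=urllib.request.urlopen):
    """Entry point for the EventBridge schedule."""
    if sns is None:
        import boto3  # provided by the Lambda Python runtime
        # With private DNS enabled on the interface endpoint, the regional
        # SNS hostname resolves to the endpoint's addresses inside the VPC.
        sns = boto3.client("sns")
    result = probe(HEALTH_URL, opener=opener)
    # A down application is still reported, because probe() returns a result.
    sns.publish(TopicArn=TOPIC_ARN, Subject="health-check",
                Message=json.dumps(result))
    return result
```

The Lambda execution role still needs `sns:Publish` on the topic; the endpoint policy restricts what the endpoint can be used for and does not grant permissions by itself.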
