I would recommend keeping the database private, attaching the function to a VPC (I assume it can't be the same VPC as the DB), and peering the two VPCs. Set a small CIDR block for the subnet that Lambda attaches to, and set the SG to allow all of the subnet.
An alternative would be to attach the function to a VPC and connect to the DB via a NAT Gateway that can have an EIP.
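A check for the peering setup recommended above, as an added example that is not part of the original answer: it verifies that the two VPC CIDRs do not overlap (a requirement for VPC peering) and that the database security group admits the Lambda subnet and nothing wider. All CIDRs, the port and the sample rules are constructed assumptions; the rule dictionaries follow the `IpPermissions` shape returned by `aws ec2 describe-security-groups`.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
LAMBDA_VPC_CIDR = "10.1.0.0/16"
DB_VPC_CIDR = "10.0.0.0/16"
LAMBDA_SUBNET_CIDR = "10.1.0.0/28"  # the small subnet the function attaches to
DB_PORT = 5432                      # assumed PostgreSQL; use your engine's port

# Constructed DB security-group ingress rules (IpPermissions shape).
SAMPLE_DB_SG_RULES = [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "10.1.0.0/28"}]},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

def peering_possible(vpc_a, vpc_b):
    """VPC peering requires non-overlapping VPC CIDR blocks."""
    return not ipaddress.ip_network(vpc_a).overlaps(ipaddress.ip_network(vpc_b))

def rule_covers_port(rule, port):
    """True if the rule applies to TCP traffic on the given port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # all protocols, all ports
        return True
    return proto == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def audit_db_ingress(rules, lambda_subnet, port):
    """Return (subnet_allowed, extra_sources) for the DB port.

    extra_sources lists every IPv4 source range on that port that reaches
    beyond the Lambda subnet, e.g. 0.0.0.0/0.
    """
    subnet = ipaddress.ip_network(lambda_subnet)
    allowed, extra = False, []
    for rule in rules:
        if not rule_covers_port(rule, port):
            continue
        for ip_range in rule.get("IpRanges", []):
            source = ipaddress.ip_network(ip_range["CidrIp"])
            if subnet.subnet_of(source):
                allowed = True
            if not source.subnet_of(subnet):
                extra.append(str(source))
    return allowed, extra

if __name__ == "__main__":
    print("peering possible:", peering_possible(LAMBDA_VPC_CIDR, DB_VPC_CIDR))
    print(audit_db_ingress(SAMPLE_DB_SG_RULES, LAMBDA_SUBNET_CIDR, DB_PORT))
```

A result of `(True, [])` means the database accepts the Lambda subnet on the DB port and no other IPv4 source.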
Is there another way to do that? I've tried attaching my Lambda to a VPC, but it didn't work.