Lambda function not able to send data to internet when using a VPC

Question

Hi,

I have a lambda function which reads a RDS database and then sends the data to an external API. It works fine when I just use it without a VPC but when I connect it to a VPC, the external connection times out indicating that the lambda is not able to post to the external API. I have verified that the public subnet which is connected to the VPC has an internet gateway which is working fine. I am not able to figure out the cause. Any help would be appreciated. Thanks

Answer

Lambda functions will not be able to access the internet on a public subnet. Lambda functions will never obtain a public IP address.

Your lambda functions need to be connected to private subnets.

On the private subnet you will need routes for the CIDR of 0.0.0.0/0 to a NAT gateway.

The NAT gateway will need to reside on the public subnet. Lambda will then be able to access the internet from your VPC.

https://docs.aws.amazon.com/appstream2/latest/developerguide/managing-network-internet-NAT-gateway.html

Answer

In addition to the NAT Gateway option already mentioned, you can use IPv6 via an egress-only gateway if your external API supports IPv6.  This capability was released recently - see https://aws.amazon.com/about-aws/whats-new/2023/10/aws-lambda-ipv6-outbound-connections-vpc/.

Lambda function not able to send data to internet when using a VPC

관련 콘텐츠