What are the Inbound and Outbound Rules for connecting a Lambda (inside a VPC) to SQS ?

Question

I am trying to connect my Lambda function. The lambda function will send a message to SQS. 
**The Lambda is inside a VPC.**

Now, I tried with only

* Inbound Rule
* Outbound Rule

at a time, and the task timed out, because the VPC needs to connect to SQS HTTPS link. So, based on my understanding , we need

*  an incoming rule for Lambda from the SQS -  to get the message Id after successful
* an outgoing rule for Lambda -  to connect to the SQS

An **Endpoint**  `Interface `is to make sure that any interaction to and from the Lambda does not go out of the VPC.

**My question is :-**
What are the CIDR values for Inbound and Outbound Rules ? I am allowing all IPs in HTTPS Port 443. But, I want to know, if there would be any exact values for the CIDRs. The Interface for SQS is **not** being shown in the CIDR option list.

Answer

The CIDR Values are what ever subnet you have placed your VPC Endpoints in. So for the Lambda security group, you will 99% of the time need port 443 to the Subnet/IPs of the VPC Endpoints.

If your Lambda is VPC connected, you HAVE too use one of the following

1. Use VPC Endpoints for ANY Services Lambda requires
2. Lambda function needs to be in a Subnet with a route to a NAT Gateway to at which point its likely you will need 0.0.0.0/0 on port 443 for outbound.

No inbound rules will be needed on Lambda SG for SQS

What are the Inbound and Outbound Rules for connecting a Lambda (inside a VPC) to SQS ?

관련 콘텐츠