1 answer
The CIDR values are whatever subnet you have placed your VPC Endpoints in. So for the Lambda security group, you will 99% of the time need port 443 to the Subnet/IPs of the VPC Endpoints.
If your Lambda is VPC connected, you HAVE to use one of the following:
- Use VPC Endpoints for ANY services Lambda requires
- The Lambda function needs to be in a Subnet with a route to a NAT Gateway, at which point it's likely you will need 0.0.0.0/0 on port 443 for outbound.
No inbound rules will be needed on Lambda SG for SQS
So, in that sense, why doesn't a Lambda function require any inbound rule when connecting to S3 or DynamoDB? Why does the security group only need an outbound rule to the respective endpoint (for S3 and DynamoDB)?
Because it's a TCP conversation and security groups are stateful. SQS or DynamoDB do not connect to Lambda directly. SQS events trigger a Lambda function by calling the Lambda API and do not connect to the Lambda function.
Same for S3. S3 events can trigger a Lambda function via the API. If Lambda needs to access S3 it's an outbound connection, and the security groups are stateful.
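As an added example (not from the answer or its comments above), the following Python check encodes the rules described there: outbound TCP/443 to the VPC endpoint subnets, no inbound rules, and 0.0.0.0/0 egress only expected in the NAT Gateway case. It runs offline over a constructed record in the shape `ec2.describe_security_groups()` returns; the endpoint subnet CIDRs and group IDs are assumed.

```python
import ipaddress

# Constructed sample in the shape boto3 ec2.describe_security_groups() returns;
# not captured from a real account. The endpoint subnet CIDRs are assumed.
ENDPOINT_SUBNETS = ["10.0.10.0/24", "10.0.11.0/24"]

LAMBDA_SG = {
    "GroupId": "sg-0example",
    "IpPermissions": [  # inbound: a stray rule the answer says is not needed
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ],
    "IpPermissionsEgress": [  # outbound: 443 to the endpoint subnets only
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.10.0/24"}, {"CidrIp": "10.0.11.0/24"}]},
    ],
}

def _egress_allows_443(rule, cidr):
    """True if a single egress rule permits TCP/443 to every address in cidr."""
    if rule["IpProtocol"] not in ("-1", "tcp"):   # "-1" means all protocols/ports
        return False
    if rule["IpProtocol"] == "tcp" and not rule["FromPort"] <= 443 <= rule["ToPort"]:
        return False
    target = ipaddress.ip_network(cidr)
    return any(target.subnet_of(ipaddress.ip_network(r["CidrIp"]))
               for r in rule.get("IpRanges", []))

def audit_lambda_sg(sg, endpoint_cidrs):
    """Compare a Lambda security group with the rules described in the answer."""
    egress = sg.get("IpPermissionsEgress", [])
    missing = [c for c in endpoint_cidrs
               if not any(_egress_allows_443(r, c) for r in egress)]
    to_anywhere = any(r["CidrIp"] == "0.0.0.0/0"
                      for rule in egress for r in rule.get("IpRanges", []))
    return {
        "missing_egress_443": missing,        # endpoint subnets not reachable on 443
        "inbound_rule_count": len(sg.get("IpPermissions", [])),  # expected 0
        "egress_to_anywhere": to_anywhere,    # expected only with a NAT Gateway route
    }

if __name__ == "__main__":
    print(audit_lambda_sg(LAMBDA_SG, ENDPOINT_SUBNETS))
```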