Remove NAT Gateway and use Internet Gateway


I have created a Lambda function in the private subnet and am connecting to the internet using NAT Gateway. I want to connect to the internet using Internet Gateway instead of NAT Gateway.

Is it possible to do that?

If so, how do you do the conversion?

질문됨 8달 전284회 조회
2개 답변
수락된 답변

Using a Lambda function to connect to the internet (from within a VPC) without NAT Gateway or a NAT instance is not supported.

Note that you can choose not to associate the Lambda function with a VPC - it will have direct internet access then.

Is there some other reason for using the Lambda function in a VPC? One option I've seen other customers use is to decouple the Lambda functions - have one that accesses APIs/data on the internet; and another to access private resources.

profile pictureAWS
답변함 8달 전
profile picture
검토됨 8달 전
  • Thank you for your response.

    I will not associate Lambda function with a VPC

  • I couldn't identify any specific technical reasons for exclusively supporting NAT gateway or NAT instance without including an Internet Gateway. Is this intentional to prevent incoming access?

  • An internet gateway exists to provide your VPC with access to the "outside world" (the internet for all intents and purposes). It's designed for session that are initiated from outside the VPC to resources in the VPC (those with a public or Elastic IP); and also for those resources to initiate sessions from within the VPC to the rest of the world. A NAT Gateway is designed to do many:1 address translation - that is, allow many internal (to the VPC) resources to appear to come from a single IP address. And as you've mentioned, it is for session initiated from with the VPC; not the other way around. While you can have a private NAT Gateway (i.e. one without an internet gateway), the majority of use cases involve both together.

  • It turns out it is possible! By assigning an IP to the ENI created by Lambda, you can use an Internet Gateway instead of a NAT Gateway.

  • Be careful with that solution. EIPs or public IPs aren't assigned to Lambda ENIs automatically for a reason. The ENI may change at any time (for example, if there are no Lambda executions for a period of time). When the new ENI is created it won't have an Elastic/Public IP assigned.



Maybe the Lambda URLs would be a good solution for your use case:

This is only possible if you Lambda is called from the Internet to answer some requests and not if it needs to connect to other services on the Internet to get some data. I was unsure of what you mean by "am connecting to the internet using NAT"

Hope it helps!


profile pictureAWS
답변함 8달 전
  • Thanks for your help. As suggested by Brettski-AWS, I will make the changes.

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠