Lambda connected to RDC and Internet doesn't work

0

I understand why this happens. I'm trying to figure out a way to fix it without paying triple what I pay now for a NAT gateway. Are there any other alternatives that are free or close to free?

I don't understand why, when it is connected to the VPC and the security group allows all outbound traffic, it can't work.

Thanks

2 answers
0

To connect to the internet from a VPC there are two ways: either with the help of a NAT gateway, or with resources in a public subnet that have a public IP address and a route towards the IGW. So if you have resources in a public subnet with a public IP/EIP, that can save the cost of a NAT gateway.

AWS
answered 2 months ago
0

I am guessing you mean Lambda is connecting to RDS in the VPC and internet connectivity is not working (if yes, please update the heading for others).

The reason is straightforward. You have deployed RDS in a subnet (subnet group) that is most likely private. Lambda by default runs outside of the VPC and hence has internet access by default. However, if you choose to run the Lambda function with an ENI in the VPC, the function's internet connectivity is going to depend on the subnet's internet connectivity.

You have a few options, as below, to achieve both connections from the Lambda function.

1- Run RDS in the public subnet and allow Lambda from outside the VPC (not very secure), as you are opening up access to the database from a larger network that you don't control.

2- Run RDS in a public subnet and run Lambda in a public subnet of the VPC too; on the RDS security group, control access from very specific subnets (more secure, as RDS is not open to the internet or uncontrolled networks).

3- Run RDS in a private subnet and run Lambda in a public subnet of the VPC; this will allow Lambda to access the internet AND the database in the private subnet.

4- Run RDS and the Lambda function in a private subnet of the VPC (as you are currently doing) and deploy a NAT gateway in a public subnet for outbound access.

5- Run RDS and the Lambda function in a private subnet of the VPC (as you are currently doing) and deploy a NAT instance in a public subnet for outbound access. (This is not ideal and should be avoided.)

6- Run RDS and the Lambda function in a private subnet of the VPC. Know what internet access is needed; if it is only for AWS services like S3, DynamoDB, SQS etc., you can add VPC endpoints accordingly.

AWS
Expert
answered 2 months ago
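Both answers above come down to one question: where does the default route of the subnet the Lambda ENI sits in point? The script below is an added example, not code from either answer or from AWS; it classifies a subnet's internet egress from its route table in the shape `ec2.describe_route_tables()` returns, so you can check a function's subnets before wiring up a NAT gateway or endpoints. The route tables and every `rtb-`, `nat-`, `igw-`, `vpce-` and `pl-` ID in it are constructed sample data. One caveat the check makes visible: a Lambda-managed ENI is never assigned a public IP, so a subnet whose default route points at an internet gateway does not, by itself, give the function internet access; egress needs a NAT gateway or NAT instance route, and AWS services can instead be reached through VPC endpoints (the S3/DynamoDB gateway endpoints show up as `vpce-` routes to a prefix list).

```python
"""Classify the internet egress a VPC-attached Lambda function gets from a subnet.

Added example, not part of the original post. The route tables below are
constructed sample data shaped like the EC2 DescribeRouteTables response;
all resource IDs are made up.
"""

DEFAULT_ROUTE = "0.0.0.0/0"
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}

SAMPLE_ROUTE_TABLES = {
    # Option 4 above: private subnet, 0.0.0.0/0 -> NAT gateway in a public subnet.
    "private-nat": {"RouteTableId": "rtb-0pri", "Routes": [
        LOCAL,
        {"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": "nat-0abc", "State": "active"},
    ]},
    # "Public" subnet: 0.0.0.0/0 -> internet gateway. Enough for an EC2 host
    # with an EIP, not for a Lambda ENI, which never gets a public IP.
    "public-igw": {"RouteTableId": "rtb-0pub", "Routes": [
        LOCAL,
        {"DestinationCidrBlock": DEFAULT_ROUTE, "GatewayId": "igw-0def", "State": "active"},
    ]},
    # Option 6 above: no default route at all, only S3/DynamoDB gateway endpoints.
    "isolated-endpoints": {"RouteTableId": "rtb-0iso", "Routes": [
        LOCAL,
        {"DestinationPrefixListId": "pl-0s3", "GatewayId": "vpce-0s3", "State": "active"},
        {"DestinationPrefixListId": "pl-0ddb", "GatewayId": "vpce-0ddb", "State": "active"},
    ]},
    # Failure mode: the NAT gateway was deleted but its route was left behind.
    "private-blackhole": {"RouteTableId": "rtb-0old", "Routes": [
        LOCAL,
        {"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": "nat-0gone", "State": "blackhole"},
    ]},
}


def default_route(route_table):
    """Return the 0.0.0.0/0 route (whatever its state), or None if absent."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == DEFAULT_ROUTE:
            return route
    return None


def gateway_endpoints(route_table):
    """Gateway VPC endpoints appear as active routes to a vpce-* target for a prefix list."""
    return sorted(
        route["GatewayId"]
        for route in route_table.get("Routes", [])
        if route.get("GatewayId", "").startswith("vpce-")
        and route.get("DestinationPrefixListId")
        and route.get("State") == "active"
    )


def classify_subnet(route_table):
    """Return (subnet_kind, lambda_has_internet, reason) for one route table."""
    route = default_route(route_table)
    if route is None:
        return "isolated", False, "no default route; only VPC endpoints are reachable"
    if route.get("State") != "active":
        return "private", False, "default route is %s (target deleted?)" % route.get("State")
    if route.get("GatewayId", "").startswith("igw-"):
        # Public subnet. A Lambda ENI has no public IP, so the IGW is of no use to it.
        return "public", False, "default route to IGW, but a Lambda ENI has no public IP"
    if route.get("NatGatewayId"):
        return "private", True, "default route to NAT gateway %s" % route["NatGatewayId"]
    if route.get("InstanceId") or route.get("NetworkInterfaceId"):
        return "private", True, "default route to a NAT instance"
    return "private", False, "default route to an unrecognised target: %r" % route


def lambda_egress_report(route_table):
    """Summarise what a Lambda function attached to this subnet can reach."""
    kind, internet, reason = classify_subnet(route_table)
    return {
        "subnet_kind": kind,
        "lambda_internet": internet,
        "reason": reason,
        "gateway_endpoints": gateway_endpoints(route_table),
    }


if __name__ == "__main__":
    for name, table in SAMPLE_ROUTE_TABLES.items():
        print(name, lambda_egress_report(table))
```

To run this against a real account, feed `lambda_egress_report` the first element of `ec2.describe_route_tables(Filters=[{"Name": "association.subnet-id", "Values": [subnet_id]}])["RouteTables"]` for each subnet listed in the function's VPC config; a subnet with no explicit association uses the VPC's main route table, which that filter will not return, so fall back to the table with `Associations[].Main == True` in that case.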
