Hello!
I have a Lambda function which needs to connect to a MySQL RDS instance which is within a private VPC. The Lambda function also needs to connect to a Sagemaker Serverless Inference Endpoint, taking data from the RDS instance and passing it to a Sagemaker model for inference.
I have tested a vanilla Lambda function from outside of the private VPC to connect to the Sagemaker Endpoint, which was successful. However, in order for Lambda to access data from the RDS database, I have associated the Lambda function with the same private VPC and subnets as the RDS instance. As a result, the Lambda function can no longer access the Sagemaker Endpoint, as it now lies within the private VPC.
I need advice on how to create a VPC Interface Endpoint to enable the Lambda function to access the Sagemaker Endpoint, and on **how to build the associated security groups** to enable the network access. I am unsure of how to implement the VPC Interface Endpoint or how to implement the correct security groups, so I would appreciate advice on the implementation.
As an alternative architecture, I could create two Lambda functions: one which is associated with the private VPC and connects to the RDS instance, then stores the required data in an S3 bucket; and another Lambda function which is not within the VPC, which pulls the data from the S3 bucket and serves it to the Sagemaker Endpoint. **Would this be a better option?**
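The first option described in the question, written out as an added Terraform example (not code from the original post or from AWS): an interface endpoint for the SageMaker Runtime API plus security groups that allow only the Lambda-to-endpoint and Lambda-to-RDS flows. The VPC, subnet, RDS security group and endpoint ARN inputs are placeholders, and the region is assumed to be us-east-1.

```hcl
# Added example, not code from the original post. Placeholder inputs; region assumed us-east-1.
variable "vpc_id"                 {}
variable "private_subnet_ids"     {}  # same private subnets as the RDS instance
variable "rds_sg_id"              {}  # security group already attached to the RDS instance
variable "sagemaker_endpoint_arn" {}  # arn:aws:sagemaker:REGION:ACCOUNT:endpoint/NAME
# SG for the interface endpoint ENIs; its only ingress is from the Lambda SG (rule below).
resource "aws_security_group" "sagemaker_vpce" {
  vpc_id = var.vpc_id
}
# SG for the Lambda ENIs. Terraform drops the implicit allow-all egress, so the function
# can reach only the interface endpoint (443) and the database (3306), nothing else.
resource "aws_security_group" "lambda" {
  vpc_id = var.vpc_id
  egress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [aws_security_group.sagemaker_vpce.id]
  }
  egress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [var.rds_sg_id]
  }
}
# Matching ingress on the endpoint SG (the RDS SG needs the equivalent rule for 3306).
resource "aws_security_group_rule" "vpce_from_lambda" {
  type                     = "ingress"
  security_group_id        = aws_security_group.sagemaker_vpce.id
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.lambda.id
}
# Interface endpoint for the SageMaker Runtime API. Private DNS makes the SDK's default
# runtime hostname resolve inside the VPC (Lambda code unchanged); the endpoint policy
# limits traffic through it to InvokeEndpoint on this one model endpoint.
resource "aws_vpc_endpoint" "sagemaker_runtime" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.us-east-1.sagemaker.runtime"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.private_subnet_ids
  security_group_ids  = [aws_security_group.sagemaker_vpce.id]
  private_dns_enabled = true
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Principal = "*", Action = "sagemaker:InvokeEndpoint",
                   Resource = var.sagemaker_endpoint_arn }]
  })
}
```

Attach `aws_security_group.lambda` through the function's `vpc_config` together with the same private subnets; with egress scoped this way the function still has no route to the public internet, so the only paths out of the VPC are the endpoint and the database.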