Allow Lambda to Access AWS Services+VPC+Internet

By default Lambda functions has access to the internet, including AWS services, but not to private resources in a VPC. You can attach a Lambda to a private subnet in a VPC and then it will have access to private resources in the VPC, but not to the internet or AWS services. If you want all, you need to attach the function to a private subnet in a VPC, create a NAT Gateway in a public subnet and route the traffic to the GW. This will give you access to both the VPC and the internet, including AWS services. For some services (e.g., DynamoDB, S3, etc.) you can also create VPC endpoints. This will reduce the cost of the traffic to those services, but it also adds cost for the endpoints themselves, so you will need to check which options is best for you.

A VPC Lambda will be able to access the Internet if it's in a subnet with at least outbound internet access, i.e. with routing to a NAT gateway/instance or Internet Gateway. See https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/ for example.

Thanks for all !

It worked after attaching VPCE to the private route table, then the Lambda could access services plus Internet access plus VPC resource.