By default Lambda functions have access to the internet, including AWS services, but not to private resources in a VPC. You can attach a Lambda to a private subnet in a VPC and then it will have access to private resources in the VPC, but not to the internet or AWS services. If you want all, you need to attach the function to a private subnet in a VPC, create a NAT Gateway in a public subnet and route the traffic to the GW. This will give you access to both the VPC and the internet, including AWS services. For some services (e.g., DynamoDB, S3, etc.) you can also create VPC endpoints. This will reduce the cost of the traffic to those services, but it also adds cost for the endpoints themselves, so you will need to check which option is best for you.
A VPC Lambda will be able to access the Internet if it's in a subnet with at least outbound internet access, i.e. with routing to a NAT gateway/instance or Internet Gateway. See https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/ for example.
Thanks for all!
It worked after attaching VPCE to the private route table, then the Lambda could access services plus Internet access plus VPC resource.
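The two answers above describe the routing that has to be in place for a VPC-attached Lambda: a default route to a NAT Gateway for internet and public AWS endpoints, plus optional VPC endpoints for services like S3 and DynamoDB. The following is an added example, not code from the thread or from AWS, that checks those conditions against the data shapes returned by the EC2 DescribeRouteTables and DescribeVpcEndpoints APIs. All resource ids, CIDRs and service names are constructed sample values; the function names are my own. It resolves the subnet's route table (explicit association, else the VPC main table), reports whether the 0.0.0.0/0 route targets a NAT Gateway, and lists which endpoints the subnet can reach. It deliberately does not count an Internet Gateway route as internet egress, because Lambda ENIs have no public IP, so an IGW-only subnet leaves the function without internet even though the route exists.

```python
"""
Added example (not from the re:Post thread or from AWS): given route tables and
VPC endpoints in the shape returned by EC2 DescribeRouteTables /
DescribeVpcEndpoints, decide what a Lambda attached to a subnet can reach.
All ids below are constructed sample values.
"""
from typing import Dict, List, Optional

# Constructed sample: the VPC main table (used by subnets with no explicit
# association) routes 0.0.0.0/0 to an Internet Gateway; the private table,
# associated with the Lambda's subnet, routes it to a NAT Gateway and has a
# gateway-endpoint route for S3.
SAMPLE_ROUTE_TABLES: List[dict] = [
    {
        "RouteTableId": "rtb-main0001",
        "VpcId": "vpc-0001",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0001", "State": "active"},
        ],
    },
    {
        "RouteTableId": "rtb-private0001",
        "VpcId": "vpc-0001",
        "Associations": [{"Main": False, "SubnetId": "subnet-private0001"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0001", "State": "active"},
            {"DestinationPrefixListId": "pl-s3sample", "GatewayId": "vpce-s3sample", "State": "active"},
        ],
    },
]

# Constructed sample endpoints: a gateway endpoint (reachable only from route
# tables it is attached to) and an interface endpoint (reachable from any
# subnet in the VPC through its private DNS name).
SAMPLE_VPC_ENDPOINTS: List[dict] = [
    {"VpcEndpointId": "vpce-s3sample", "VpcId": "vpc-0001", "VpcEndpointType": "Gateway",
     "ServiceName": "com.amazonaws.us-east-1.s3", "RouteTableIds": ["rtb-private0001"]},
    {"VpcEndpointId": "vpce-smsample", "VpcId": "vpc-0001", "VpcEndpointType": "Interface",
     "ServiceName": "com.amazonaws.us-east-1.secretsmanager", "SubnetIds": ["subnet-private0001"]},
]


def route_table_for_subnet(subnet_id: str, route_tables: List[dict]) -> Optional[dict]:
    """Explicit subnet association wins; otherwise fall back to the VPC main table."""
    main_table = None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main_table = table
    return main_table


def assess_subnet_egress(subnet_id: str, route_tables: List[dict], endpoints: List[dict]) -> Dict:
    """Report NAT/IGW default routes and reachable VPC endpoints for one subnet."""
    table = route_table_for_subnet(subnet_id, route_tables)
    result: Dict = {"route_table": None, "nat_default_route": False,
                    "igw_default_route": False, "endpoint_services": [],
                    "internet_egress": False}
    if table is None:
        return result
    result["route_table"] = table["RouteTableId"]
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":  # blackhole routes do not forward
            continue
        if route.get("NatGatewayId"):
            result["nat_default_route"] = True
        elif str(route.get("GatewayId", "")).startswith("igw-"):
            result["igw_default_route"] = True
    for ep in endpoints:
        if ep.get("VpcId") != table["VpcId"]:
            continue
        if ep["VpcEndpointType"] == "Gateway":
            reachable = table["RouteTableId"] in ep.get("RouteTableIds", [])
        else:  # Interface endpoints answer on private DNS VPC-wide
            reachable = True
        if reachable:
            result["endpoint_services"].append(ep["ServiceName"])
    # Lambda ENIs carry no public IP, so only a NAT route gives real egress.
    result["internet_egress"] = result["nat_default_route"]
    return result


if __name__ == "__main__":
    for sn in ("subnet-private0001", "subnet-unassociated0001"):
        print(sn, assess_subnet_egress(sn, SAMPLE_ROUTE_TABLES, SAMPLE_VPC_ENDPOINTS))
```

Run against real data by feeding the `RouteTables` and `VpcEndpoints` lists from the two describe calls; a subnet that reports `igw_default_route` but not `internet_egress` is the classic "Lambda in a public subnet still times out" misconfiguration, and an empty `endpoint_services` list with a NAT route means S3 or DynamoDB traffic is going out through the NAT (and being billed as such) rather than through an endpoint.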
Question: Allow Lambda to Access AWS Services+VPC+Internet (asked 2 months ago)