By using AWS re:Post, you agree to the Terms of Use

Allow Lambda to Access AWS Services+VPC+Internet



Is that possible to allow a Lambda to access 3 things (nearly the everything of AWS) ?

  1. AWS services, such as S3, DynamoDB
  2. VPC, to mount EFS
  3. Internet

I know that Lambda could access 1+3 as default but no 2, but I'm not sure if Lambda could access 3 things together, tried to allow Lambda access 3 from VPC but failed, and my EFS was created with existed subnet and it's being used by EC2 instances.

Thanks a lot.

3 Answers

By default Lambda functions has access to the internet, including AWS services, but not to private resources in a VPC. You can attach a Lambda to a private subnet in a VPC and then it will have access to private resources in the VPC, but not to the internet or AWS services. If you want all, you need to attach the function to a private subnet in a VPC, create a NAT Gateway in a public subnet and route the traffic to the GW. This will give you access to both the VPC and the internet, including AWS services. For some services (e.g., DynamoDB, S3, etc.) you can also create VPC endpoints. This will reduce the cost of the traffic to those services, but it also adds cost for the endpoints themselves, so you will need to check which options is best for you.

answered 2 months ago

A VPC Lambda will be able to access the Internet if it's in a subnet with at least outbound internet access, i.e. with routing to a NAT gateway/instance or Internet Gateway. See for example.

answered 2 months ago

Thanks for all !

It worked after attaching VPCE to the private route table, then the Lambda could access services plus Internet access plus VPC resource.

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions