Hi,
As described in the AWS documentation, by default Lambda functions have access to the public internet except if they have been configured with access to one of your VPCs. That is, the fact that a Lambda function is invoked through the API Gateway has no impact on whether it can access the Internet or not.
The documentation also clarifies that network connectivity errors can result from issues with your VPC's routing configuration, security group rules, AWS Identity and Access Management (IAM) role permissions, or network address translation (NAT), or from the availability of resources such as IP addresses or network interfaces.
When you invoke a function using a Function URL, the Lambda service manages the network connection. Since your function is not in a VPC, it inherits the public internet access of the Lambda service itself. This allows your function to connect to public internet endpoints during execution.
However, if you invoke a function through an API Gateway endpoint, the network access is handled differently. By default, API Gateway operates in a private VPC endpoint, even without explicit VPC Links. This means it cannot directly access public internet resources unless specifically configured. Consequently, your Lambda function's Express server, invoked via API Gateway, won't be able to connect to the internet.
Let me know if your query is resolved!
Thanks - very clear explanation!
This is not completely true. It doesn't matter if you invoke the function using Function URL or API Gateway. In both cases the function runs in the service VPC and has access to the internet. Only if you attach the function to a VPC will you lose internet access.
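An added example, not part of the thread and not AWS code: a check that classifies a function's internet egress from its VPC attachment and subnet routing, the factors the documentation cited above names. The inputs mirror the shapes of boto3's `get_function_configuration` and `describe_route_tables` responses; all IDs are constructed, and only NAT gateway routes are counted as egress (NAT instances and transit gateways are out of scope here).

```python
# Constructed sample route tables in the shape of ec2.describe_route_tables()["RouteTables"].
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-1", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"RouteTableId": "rtb-nat", "VpcId": "vpc-1",
     "Associations": [{"Main": False, "SubnetId": "subnet-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-1", "State": "active"}]},
    {"RouteTableId": "rtb-igw", "VpcId": "vpc-1",
     "Associations": [{"Main": False, "SubnetId": "subnet-c"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1", "State": "active"}]},
]

def default_route(subnet_id, vpc_id, route_tables):
    """Return the active 0.0.0.0/0 route of the table governing subnet_id, or None."""
    explicit = main = None
    for rt in route_tables:
        if rt.get("VpcId") != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                explicit = rt
            elif assoc.get("Main"):
                main = rt
    table = explicit or main  # no explicit association: the VPC's main table applies
    for route in (table or {}).get("Routes", []):
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and route.get("State", "active") == "active"):
            return route
    return None

def lambda_egress(function_config, route_tables):
    """Classify internet egress as 'service-managed', 'nat', 'partial' or 'none'."""
    vpc = function_config.get("VpcConfig") or {}
    subnets = vpc.get("SubnetIds") or []
    if not subnets:
        return "service-managed"  # not VPC-attached: default internet access
    via_nat = 0
    for subnet in subnets:
        route = default_route(subnet, vpc.get("VpcId"), route_tables)
        # An internet gateway route is not enough: Lambda ENIs get no public IP address.
        if route and route.get("NatGatewayId"):
            via_nat += 1
    if via_nat == len(subnets):
        return "nat"
    return "partial" if via_nat else "none"
```

A `partial` result means some of the function's subnets have no NAT route, which typically shows up as intermittent connection timeouts depending on which subnet an invocation lands in.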