I think I found a solution:
- Enable IPv6 on my VPC: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-migrate-ipv6.html
- Created an egress only internet gateway, and set up routes for IPv6: https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html
- Enabled IPv6 dual stack for all my lambda functions.
- Delete the VPC endpoint.
My Lambda functions now appear to be working without the VPC endpoint. I assume they are now accessing Secrets Manager over IPv6. I think with this setup I'm only paying for the secret, and for the traffic routed through the egress only internet gateway.
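A way to sanity-check the routing that the answer above describes, as an added example that is not part of the original post. The dictionaries mirror the shape of boto3's `describe_route_tables` and `get_function_configuration` responses; all IDs and the helper names `subnet_routes` and `audit_lambda_egress` are constructed for illustration.

```python
# Added example: offline audit of an IPv6-only egress path for a VPC Lambda.
# Inputs follow the boto3 response shapes; every ID below is constructed.

def subnet_routes(route_tables, subnet_id):
    """Routes of the route table explicitly associated with subnet_id."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt.get("Associations", [])):
            return rt.get("Routes", [])
    return []  # assumption: no fallback to the VPC main route table

def audit_lambda_egress(route_tables, vpc_config):
    """Return findings for a Lambda that should only have outbound IPv6 access."""
    findings = []
    if not vpc_config.get("Ipv6AllowedForDualStack"):
        findings.append("lambda: Ipv6AllowedForDualStack is not enabled")
    for subnet in vpc_config.get("SubnetIds", []):
        routes = [r for r in subnet_routes(route_tables, subnet)
                  if r.get("State", "active") == "active"]
        # The ::/0 route must target an egress-only internet gateway (eigw-).
        if not any(r.get("DestinationIpv6CidrBlock") == "::/0"
                   and r.get("EgressOnlyInternetGatewayId", "").startswith("eigw-")
                   for r in routes):
            findings.append(f"{subnet}: no ::/0 route to an egress-only internet gateway")
        # A default route to a regular internet gateway is bidirectional.
        for r in routes:
            is_default = (r.get("DestinationCidrBlock") == "0.0.0.0/0"
                          or r.get("DestinationIpv6CidrBlock") == "::/0")
            if is_default and r.get("GatewayId", "").startswith("igw-"):
                findings.append(f"{subnet}: default route to {r['GatewayId']} is not egress-only")
    return findings

# Constructed sample data: subnet-aaa follows the answer, subnet-bbb does not.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-aaa"}],
     "Routes": [LOCAL, {"DestinationIpv6CidrBlock": "::/0", "State": "active",
                        "EgressOnlyInternetGatewayId": "eigw-0example"}]},
    {"Associations": [{"SubnetId": "subnet-bbb"}],
     "Routes": [LOCAL, {"DestinationIpv6CidrBlock": "::/0", "State": "active",
                        "GatewayId": "igw-0example"}]},
]
GOOD = {"SubnetIds": ["subnet-aaa"], "Ipv6AllowedForDualStack": True}
BAD = {"SubnetIds": ["subnet-bbb"], "Ipv6AllowedForDualStack": False}

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("bad", BAD)):
        print(name, audit_lambda_egress(ROUTE_TABLES, cfg) or "ok")
```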
Hi
Okay, let's do it this way to stick with ONLY the free tier without paying more to AWS:
- Create the Lambda function inside a VPC with a public subnet
- Use Parameter Store to store the credentials of the RDS - FREE of charge, Standard type
For learning purposes, using Parameter Store in a public subnet can be a good starting point. Just be aware of the security limitations. If you plan to transition to production eventually, consider using a VPC Endpoint with Secrets Manager for better security practices. The cost is minimal, and it provides a more robust solution.
I don't think parameter store would be any improvement over Secrets Manager. It seems like I would either need to give my Lambda functions access to the internet, or create a VPC Endpoint for the parameter store.
https://repost.aws/knowledge-center/lambda-vpc-parameter-store
Hello.
How about changing the subnet associated with Lambda to a public subnet and setting ElasticIP directly on the ENI?
https://aws.amazon.com/vpc/pricing/?nc1=h_ls
An Elastic IP address costs $0.005 per hour, so if you only have one Elastic IP address, it costs $3.60 per month.
Therefore, as introduced in the blog below, if you set ElasticIP directly to Lambda's ENI, it may be slightly cheaper to use than a VPC endpoint.
https://theburningmonk.com/2023/09/static-ip-for-lambda-ingress-egress-and-bypassing-the-dreaded-nat-gateway/
Can you describe more? What is the actual use case of the VPC endpoint? Just to connect to the RDS DB?
@GK It's used by my Lambda functions to retrieve the database credentials from the Secrets Manager. It's not used directly in connecting to the RDS instance since the RDS instance is in the same VPC.