Cannot access S3 from lambda using boto3

0

Hello,

I have a lambda function attached to 3 subnets having the same route table in the VPC with a security group allowing all inbound and outbound IPV4 traffic. The route table has an IGW attached to route all IPv4 traffic (0.0.0.0/0). In the lambda code, I use the boto3 library to access an S3 bucket but I get a timeout. I had to attach an S3 gateway endpoint to the VPC to get the lambda function working.

My thoughts are since I already attached my lambda to subnets that have an IGW attached with all IPV4 traffic allowed, it should have worked the first time. Any thoughts on what might be the cause?

1 Answer
1
Accepted Answer

Lambda functions attached to a VPC use private IP addresses and can't use an IGW. You'll need to use a NAT instance or NAT gateway to give the Lambda function access to the internet. You can also use a VPC endpoint to access S3 and not need to give the Lambda function access to the internet. You need to use an interface VPC endpoint and not a gateway VPC endpoint to connect the Lambda function to S3.

With all this noted, does the Lambda function need to be attached to the VPC? We only recommend attaching to a VPC if the Lambda function needs access to resources in the VPC.

AWS
answered 2 months ago
EXPERT
reviewed a month ago
EXPERT
reviewed 2 months ago
  • S3 gateway will also work for buckets in the same region as the lambda function exists.

  • The reason for attaching the lambda to VPC is that we want to attach an API gateway to the lambda so that we can implement authorization.

  • You don't need to attach a Lambda function to a VPC to integrate it with API Gateway. You can just integrate API Gateway with the Lambda function and the integration will communicate privately over the AWS backbone and not use the public internet.

    Examples of private resources in the VPC are databases, cache instances, or internal services, and if the Lambda function needs to connect to any of those then you would need to attach it to the VPC. Otherwise, it is best practice not to do it.

  • Thanks for the heads up. We currently have RDS connections from lambda as well which cross the public internet. Those are to be replaced with private connections as well. In that case, we need the lambda VPC attachment.
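The exchange above boils down to one routing fact: the ENIs a VPC-attached Lambda uses have only private addresses, so a `0.0.0.0/0 -> igw-*` route never carries their traffic, while a NAT gateway route or an S3 gateway endpoint route does. The following diagnostic, added here as an illustration and not code from the thread or from AWS, classifies each route table of the Lambda's subnets by which of those paths it actually provides. It assumes only the documented shape of the EC2 `describe_route_tables` response (`RouteTables[].Routes[]` with `DestinationCidrBlock` or `DestinationPrefixListId`, `GatewayId`, `NatGatewayId`, `State`); `SAMPLE_RESPONSE` is a constructed sample, not data captured from a real account, and the live helper at the bottom is the only part that calls AWS.

```python
"""Classify a VPC-attached Lambda's subnet route tables by how they can reach S3.

Added example, not code from the original thread. Relies on the documented
shape of EC2 describe_route_tables; SAMPLE_RESPONSE is constructed.
"""

IGW_ONLY = "igw-only"                # 0.0.0.0/0 -> igw-*: useless for Lambda ENIs (no public IP)
NAT_GATEWAY = "nat-gateway"          # 0.0.0.0/0 -> nat-*: S3 reachable via the internet path
S3_ENDPOINT = "s3-gateway-endpoint"  # pl-* -> vpce-*: S3 reachable privately, no internet needed
NO_EGRESS = "no-egress"

# Constructed sample: the asker's original table (IGW only), the same table
# after the fix (IGW plus S3 gateway endpoint), and a NAT-backed private table.
SAMPLE_RESPONSE = {
    "RouteTables": [
        {"RouteTableId": "rtb-original", "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"},
        ]},
        {"RouteTableId": "rtb-fixed", "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"},
            {"DestinationPrefixListId": "pl-0s3example", "GatewayId": "vpce-0example", "State": "active"},
        ]},
        {"RouteTableId": "rtb-private", "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"},
        ]},
    ]
}


def classify_route_table(route_table, s3_prefix_list_ids=None):
    """Return the most private working path to S3 offered by one route table.

    s3_prefix_list_ids: optional set of the region's S3 prefix-list IDs (from
    describe_prefix_lists). Without it, any prefix-list route through a gateway
    endpoint is taken to be S3's, which is wrong if the VPC also has a DynamoDB
    gateway endpoint.
    """
    has_endpoint = has_nat = has_igw = False
    for route in route_table.get("Routes", []):
        if route.get("State") != "active":  # blackhole routes carry no traffic
            continue
        gateway = route.get("GatewayId", "")
        prefix_list = route.get("DestinationPrefixListId")
        is_default = route.get("DestinationCidrBlock") == "0.0.0.0/0"
        if gateway.startswith("vpce-") and prefix_list:
            if s3_prefix_list_ids is None or prefix_list in s3_prefix_list_ids:
                has_endpoint = True
        elif is_default and route.get("NatGatewayId", "").startswith("nat-"):
            has_nat = True
        elif is_default and gateway.startswith("igw-"):
            # Lambda ENIs in this subnet have only private addresses, so this
            # route never carries their traffic: the timeout the asker saw.
            has_igw = True
    if has_endpoint:
        return S3_ENDPOINT
    if has_nat:
        return NAT_GATEWAY
    if has_igw:
        return IGW_ONLY
    return NO_EGRESS


def classify_response(response, s3_prefix_list_ids=None):
    """Map RouteTableId -> classification for a describe_route_tables response."""
    return {rt["RouteTableId"]: classify_route_table(rt, s3_prefix_list_ids)
            for rt in response.get("RouteTables", [])}


def classify_lambda_subnets(subnet_ids, region_name=None):
    """Live variant: classify the route tables explicitly associated with subnet_ids.

    Needs boto3 plus ec2:DescribeRouteTables and ec2:DescribePrefixLists; the
    subnet IDs come from the function's VpcConfig. Subnets that fall back to the
    VPC's main route table are not matched by the association.subnet-id filter.
    """
    import boto3  # imported lazily so the pure functions above run without boto3
    ec2 = boto3.client("ec2", region_name=region_name)
    pls = ec2.describe_prefix_lists(
        Filters=[{"Name": "prefix-list-name", "Values": ["com.amazonaws.*.s3"]}])
    s3_pls = {p["PrefixListId"] for p in pls["PrefixLists"]}
    rts = ec2.describe_route_tables(
        Filters=[{"Name": "association.subnet-id", "Values": list(subnet_ids)}])
    return classify_response(rts, s3_pls)


if __name__ == "__main__":
    for table_id, verdict in classify_response(SAMPLE_RESPONSE).items():
        print(f"{table_id}: {verdict}")
```

A table classified as `igw-only` is the situation in the question: the security group and the IGW route are fine for instances with public IPs, but do nothing for the Lambda ENIs. Of the two fixes, the gateway endpoint is the tighter one from a least-privilege standpoint, since it gives the function a path to S3 without giving it general internet egress, and its endpoint policy can further restrict which buckets are reachable.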
