My guess is that the main premise of deploying Lambda in VPC is to access resources (EC2 and RDS) in the VPC.
Since public IP addresses are not needed for communication within the VPC, I suspect that Lambda ENIs are not automatically set to a public IP even if public IP auto-assignment for the subnet is enabled.
Also, as for why you can set a public IP with an Elastic IP on Lambda's ENI, there may be some VPCs in your environment that only have public subnets.
I believe the reason for this is that it is not possible to tie a NAT Gateway to a public subnet and set it as the default route.
So I thought it was more of a security issue or something that could be configured to suit the environment.
Lambda functions are short-lived tasks, up to a max of 15 mins.
If every task that spun up, which could be hundreds, consumed a public IP, that would diminish the pool very quickly.
Plus, if you want Lambda accessible from the internet, you would place it behind something like an API Gateway.
If Lambda had a public IP, by the time it had come up and was accessible on the internet via a DNS name, there would be no chance for something on the internet to actually connect to it, especially since each task started would have a different IP address.
I see no reason why a Lambda function would ever need a public IP, and so it is designed in this way.
Internet access, if needed, can be achieved via a NAT gateway.
A "public subnet" is a subnet with a route to the internet via an internet gateway. To access from private IPs, you need a NAT.
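The practical consequence of the two answers above is a check you can run before wiring a function into a VPC: because a Lambda ENI never gets a public IP, a subnet whose default route points at an internet gateway gives the function no internet egress at all, while a subnet whose default route points at a NAT gateway does. The following is an added example, not code from the re:Post thread or from AWS; it classifies subnets from route-table data in the same shape as the EC2 `DescribeRouteTables` response and reports which subnets would give a Lambda function egress. The route tables, subnet IDs and gateway IDs are constructed sample data, not fetched from an account.

```python
"""Classify VPC subnets (public / private / isolated / other) from route
tables and decide whether a Lambda function placed in each subnet would get
internet egress.

Added example for the thread above; not from AWS or the original posters.
The input dicts mirror the shape of EC2 DescribeRouteTables["RouteTables"],
but everything below is constructed sample data (assumed IDs, not real ones).
IPv6 (::/0 via an egress-only internet gateway) is deliberately not covered.
"""
from typing import Dict, List, Optional, Tuple

DEFAULT_ROUTE = "0.0.0.0/0"

# Constructed sample: one VPC with a public, a private and an isolated subnet.
SAMPLE_ROUTE_TABLES: List[dict] = [
    {   # main table: anything without an explicit association lands here
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
    },
    {   # "public" subnet: default route to an internet gateway
        "RouteTableId": "rtb-public",
        "Associations": [{"SubnetId": "subnet-public-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": DEFAULT_ROUTE, "GatewayId": "igw-0123456789abcdef0", "State": "active"},
        ],
    },
    {   # "private" subnet: default route to a NAT gateway
        "RouteTableId": "rtb-private",
        "Associations": [{"SubnetId": "subnet-private-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": "nat-0123456789abcdef0", "State": "active"},
        ],
    },
    {   # subnet whose NAT route has gone blackhole (NAT gateway deleted)
        "RouteTableId": "rtb-broken",
        "Associations": [{"SubnetId": "subnet-broken-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": "nat-0fedcba9876543210", "State": "blackhole"},
        ],
    },
]


def index_route_tables(route_tables: List[dict]) -> Tuple[Dict[str, dict], Optional[dict]]:
    """Return (subnet_id -> explicitly associated table, main table)."""
    explicit: Dict[str, dict] = {}
    main: Optional[dict] = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main = rt
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = rt
    return explicit, main


def classify_subnet(subnet_id: str, route_tables: List[dict]) -> str:
    """Classify by the active 0.0.0.0/0 route of the subnet's effective route table.

    'public'   -> default route via an internet gateway (igw-*)
    'private'  -> default route via a NAT gateway (nat-*)
    'other'    -> default route via something else (NAT instance, transit gateway, ...)
    'isolated' -> no active default route at all
    """
    explicit, main = index_route_tables(route_tables)
    rt = explicit.get(subnet_id, main)
    if rt is None:
        raise ValueError(f"no route table found for {subnet_id}")
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != DEFAULT_ROUTE:
            continue
        if route.get("State", "active") != "active":   # blackhole routes carry no traffic
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "private"
        return "other"
    return "isolated"


def lambda_has_internet_egress(subnet_ids: List[str], route_tables: List[dict]) -> Dict[str, bool]:
    """A Lambda ENI has no public IP, so only a NAT-gateway default route gives it egress.
    'other' is reported as False here and should be reviewed by hand."""
    return {s: classify_subnet(s, route_tables) == "private" for s in subnet_ids}


if __name__ == "__main__":
    subnets = ["subnet-public-a", "subnet-private-a", "subnet-broken-a", "subnet-unlisted"]
    for subnet, ok in lambda_has_internet_egress(subnets, SAMPLE_ROUTE_TABLES).items():
        print(f"{subnet}: {classify_subnet(subnet, SAMPLE_ROUTE_TABLES):8s} lambda egress={ok}")
```

To run this against a real account you would replace `SAMPLE_ROUTE_TABLES` with the `RouteTables` list from `ec2 describe-route-tables` and `subnet_ids` with the `VpcConfig.SubnetIds` of the function; the classification logic stays the same. The blackhole case is worth keeping: deleting a NAT gateway leaves the route in place but inactive, and a function in that subnet silently loses egress.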