- Newest
- Most votes
- Most comments
First, invoking a Lambda function is always done using the public invoke API. Lambda has no way to limit the invocation from within a VPC only. When you attach a function to a VPC it only means that the network traffic originated by the Lambda function is sent inside the VPC.
Second, when you create a Lambda Function URL you actually create a public endpoint. This means that your ECS task will need to access the internet in order to invoke it (either by giving it internet access or by using a NAT gateway). You can protect the endpoint with IAM, so your task will need the appropriate IAM Role to invoke it.
Other options were mentioned above: Use the Lambda Invoke API directly from the ECS task (you will need a Lambda VPC endpoint to access that API), use a Private REST API Gateway to trigger the lambda (with the 30 second limit), or use an ALB as the front-end for the function.
Hi Lalit, One option is to invoke the lambda function using AWS SDK's from the Frontend ECS application.
You can try ECS exec for running commands: https://aws.amazon.com/blogs/containers/new-using-amazon-ecs-exec-access-your-containers-fargate-ec2/
Function url expose a public endpoint, so http client is not an option.
You should either use SDK, if you just want to reuse the function url(more details for authentication here: https://docs.aws.amazon.com/lambda/latest/dg/urls-invocation.html#:~:text=Function%20URLs%20are%20dual%20stack,must%20have%20lambda%3AInvokeFunctionUrl%20permissions.).
Alternatives are an internal ALB or private api gateway.
Relevant content
- Accepted Answer
- asked 3 years ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago