Hello,
Yes, a Lambda function can call an ECS Service endpoint even if Service Discovery is not enabled. Here the traffic will route to the public DNS name and, if the VPC has internet access, then to a public IP, from where it will go to ECS. However, there are some considerations to keep in mind.
Since your Lambda function is in the same VPC as the ECS Service, you have a few options to establish connectivity:
- Use the internal DNS name of the Application Load Balancer (ALB) if you have one in front of your ECS Service. This is often the simplest and most reliable method. The internal DNS name of the ALB will resolve to private IP addresses within the VPC, allowing your Lambda to communicate with the ECS Service.
- If you're not using an ALB, you can use the private IP address of the ECS task. However, this is not recommended for production use as the IP address can change if the task is restarted.
- You cannot use the public DNS or IP address of the service from within the VPC, as this would route traffic out to the internet and back in, which won't work for an internal Lambda.
- Using the Load Balancer's IP address directly is not recommended, as these can change. Always use the DNS name instead.
For your test configuration, the simplest approach would be:
- If you have an ALB, use its internal DNS name.
- If not, you can temporarily use the private IP of the ECS task, but be aware this is not a stable long-term solution.
Your security group configuration sounds correct, allowing traffic between the Lambda and ECS Service. However, ensure that the ECS tasks are in private subnets if you want to keep them internal.
For a more robust, long-term solution, consider enabling ECS Service Discovery or using an Application Load Balancer. These methods provide stable endpoints for your services and offer better scalability and management of incoming traffic.
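As an added example (not code from this thread or from AWS), a small Python Lambda handler that applies the advice above: it calls the ALB's internal DNS name and first checks that the name resolves only to private VPC addresses, refusing to send a request that would leave the VPC. The host name, port and path below are constructed placeholders.

```python
import ipaddress
import socket
import urllib.request

# Constructed placeholder for the ALB's internal DNS name; not a value from the thread.
ECS_ENDPOINT_HOST = "internal-example-alb-000000000.us-east-1.elb.amazonaws.com"
ECS_ENDPOINT_PORT = 80


def check_internal_endpoint(host, resolver=socket.getaddrinfo):
    """Resolve host and return (ok, addrs).

    ok is True only when the name resolves and every address is private
    (RFC 1918 etc.), i.e. the call will stay inside the VPC.  A public
    address means the name is an external record or a public task IP,
    which the answer above advises against using from Lambda.
    The resolver argument exists so the check can be unit-tested offline.
    """
    infos = resolver(host, None, socket.AF_INET, socket.SOCK_STREAM)
    addrs = sorted({info[4][0] for info in infos})  # sockaddr is (ip, port)
    ok = bool(addrs) and all(ipaddress.ip_address(a).is_private for a in addrs)
    return ok, addrs


def call_ecs_service(path="/health", host=ECS_ENDPOINT_HOST, port=ECS_ENDPOINT_PORT,
                     resolver=socket.getaddrinfo, opener=urllib.request.urlopen):
    """Fail closed: refuse to send the request unless the endpoint is private."""
    ok, addrs = check_internal_endpoint(host, resolver)
    if not ok:
        raise RuntimeError(f"{host} resolves to {addrs or 'nothing'}; not an in-VPC endpoint")
    url = f"http://{host}:{port}{path}"
    # Short timeout: a VPC Lambda that cannot reach the target should fail fast,
    # not burn its whole function timeout waiting on a security-group drop.
    with opener(url, timeout=5) as resp:
        return resp.status


def lambda_handler(event, context):
    """Minimal Lambda entry point: call the ECS service and report the HTTP status."""
    status = call_ecs_service(event.get("path", "/health"))
    return {"statusCode": status}
```

The resolver and opener parameters are only there to make the check testable; in the deployed function the defaults (real DNS and urllib) are used.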