Make Lambda Function URLs accessible within the VPC only.

0

Can we make the lambda function urls not accessible from public internet and accessible only within the vpc? I do understand using AWS_IAM we can reject the requests from malicious users. I am wondering about the ways to restrict the access within VPC, zero access from public internet.

Asked 2 years ago, 2884 views
2 answers
1

Lambda does not support what you are asking for. As you suggested, you could use IAM to allow access only to a holder of the appropriate IAM role.

AWS
Expert
Uri
Answered 2 years ago
1

Poor implementation. 100% should have been behind a security group, the lambda itself is...

There are many times this would be so much better just using NONE instead of IAM for authentication, and limiting to a set of EC2 or VPC etc. For example, I want to have Oracle RDS talk to IAM. In order to call the lambda, it requires SigV4 to be used with the call. In order for that to occur, you need to obtain IAM access key and secret. We don't use IAM users, we use roles, as we should. So how do we do that? We have to create a user just for the purpose of this, then we have to worry about rotating the keys from time to time, and getting them into the database.

Once that is done, we still need to write something which will generate the correct signature and then attach it to the standard request stuff.

So annoying. It's fine if you have access to AWS CLI tools or python etc, where the signature can just be handled via boto3 etc, but not so great rolling your own.

I wish I could just have set my SG on the lambda to only accept connections from my RDS oracle SG, and it would be secure.

Answered 2 years ago
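The SigV4 signing that the second answer describes having to roll by hand, as an added example that is not code from either answer or from AWS: a stdlib-only Python signer producing the headers for a request to a Lambda function URL configured with AWS_IAM auth (function URLs are signed against the `lambda` service name). The URL, credentials and timestamp inside `demo()` are constructed placeholders, not real values.

```python
import datetime
import hashlib
import hmac
from urllib.parse import quote, urlparse


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def sigv4_headers(method, url, body, access_key, secret_key, region, now, session_token=None):
    """Build host/x-amz-date/x-amz-content-sha256/authorization headers for one request.
    Query strings are not canonicalised here; pass a URL without one."""
    parsed = urlparse(url)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date_stamp = now.strftime("%Y%m%d")
    service = "lambda"  # function URLs use the Lambda service name in the credential scope
    payload_hash = _sha256_hex(body)
    headers = {"host": parsed.netloc, "x-amz-date": amz_date, "x-amz-content-sha256": payload_hash}
    if session_token:  # temporary role credentials carry the token as a signed header
        headers["x-amz-security-token"] = session_token
    signed_headers = ";".join(sorted(headers))
    canonical_headers = "".join(f"{k}:{headers[k]}\n" for k in sorted(headers))
    canonical_request = "\n".join(
        [method, quote(parsed.path or "/", safe="/"), "", canonical_headers, signed_headers, payload_hash]
    )
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope, _sha256_hex(canonical_request.encode())])
    # Derive the signing key: HMAC chain over date, region, service and the fixed terminator.
    k_signing = _hmac(_hmac(_hmac(_hmac(("AWS4" + secret_key).encode(), date_stamp), region), service), "aws4_request")
    signature = hmac.new(k_signing, string_to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, SignedHeaders={signed_headers}, Signature={signature}"
    )
    return headers


def demo(session_token=None):
    """Sign a GET to a constructed, non-existent function URL with placeholder credentials."""
    fixed_time = datetime.datetime(2024, 1, 2, 3, 4, 5)  # constructed; real callers use utcnow()
    return sigv4_headers("GET", "https://abc123example.lambda-url.us-east-1.on.aws/", b"",
                         "AKIAEXAMPLEPLACEHOLDER", "secret-placeholder", "us-east-1", fixed_time, session_token)


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The returned headers are what a non-SDK caller (the Oracle RDS scenario in the second answer) must send; on the Lambda side the resource policy still decides which principal may invoke the URL.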
