Static IP for lambda


A customer wants to call an API on-prem from Lambda on AWS. The API on-prem has to allowlist the IP of the client that can call it. One way would be to attach the Lambda to a VPC and call the API with a NAT GW in between so we get a static IP. But I am sure there is a better way to achieve this. Any suggestions?

AWS
Rahul_P
Asked 3 years ago, viewed 599 times

1 Answer

Accepted Answer

Lambda functions by default run in the Lambda service VPC, and as such you will not have any control over the IP address they use for outbound communications.

In order to control it you will need to attach the function to a VPC. When in the VPC, if you connect to the on-premises API over the internet, you will need to use a NAT Gateway with an EIP. If you connect to the on-premises API over VPC or Direct Connect, you can't use the NAT Gateway for that, so all you can do in that case is to attach the function to a small subnet and then allowlist the entire CIDR for that subnet. For resiliency, you should attach it to subnets in multiple AZs, and then you will need to allowlist the CIDR blocks for all AZs.

Uri (AWS, Expert), answered 3 years ago
Toni_S (AWS, Expert), reviewed 2 years ago
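
The two cases in the answer above, worked through as an added example (not code from the answer or from AWS): given the subnets a function is attached to, it derives what the on-premises side has to allowlist, either the NAT Gateway EIPs or the subnet CIDRs. The subnet, route table and NAT gateway records, their IDs and addresses, and the function names are constructed for illustration; the field names follow the EC2 describe responses.

```python
import ipaddress

# Constructed sample data, trimmed to the fields used, in the shape of the EC2
# DescribeSubnets / DescribeRouteTables / DescribeNatGateways responses.
SUBNETS = [
    {"SubnetId": "subnet-a", "AvailabilityZone": "eu-west-1a", "CidrBlock": "10.20.0.0/28"},
    {"SubnetId": "subnet-b", "AvailabilityZone": "eu-west-1b", "CidrBlock": "10.20.0.16/28"},
]
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-a"}]},
    {"Associations": [{"SubnetId": "subnet-b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-b"}]},
]
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-a", "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]},
    {"NatGatewayId": "nat-b", "NatGatewayAddresses": [{"PublicIp": "198.51.100.25"}]},
]

def nat_for_subnet(subnet_id, route_tables):
    """NAT gateway id on the subnet's default route, or None if there is none."""
    explicit = [rt for rt in route_tables
                if any(a.get("SubnetId") == subnet_id for a in rt["Associations"])]
    main = [rt for rt in route_tables if any(a.get("Main") for a in rt["Associations"])]
    for rt in explicit or main:  # unassociated subnets fall back to the main table
        for route in rt["Routes"]:
            if route.get("DestinationCidrBlock") == "0.0.0.0/0":
                return route.get("NatGatewayId")
    return None

def allowlist(subnet_ids, path, subnets=SUBNETS, route_tables=ROUTE_TABLES, nats=NAT_GATEWAYS):
    """Source ranges the on-prem API must allow for a VPC-attached function.
    path="internet": Elastic IPs of the NAT gateways the subnets route through.
    path="private":  CIDR of every attached subnet (no NAT in the path)."""
    chosen = [s for s in subnets if s["SubnetId"] in subnet_ids]
    if len({s["AvailabilityZone"] for s in chosen}) < 2:
        raise ValueError("attach the function to subnets in more than one AZ")
    if path == "private":
        nets = [ipaddress.ip_network(s["CidrBlock"]) for s in chosen]
    else:
        eips = {n["NatGatewayId"]: n["NatGatewayAddresses"][0]["PublicIp"] for n in nats}
        nets = []
        for s in chosen:
            nat = nat_for_subnet(s["SubnetId"], route_tables)
            if nat not in eips:
                raise ValueError(f"{s['SubnetId']} has no NAT gateway default route")
            nets.append(ipaddress.ip_network(eips[nat] + "/32"))
    # Merge adjacent or duplicate ranges so the firewall rule list stays short.
    return sorted(str(n) for n in ipaddress.collapse_addresses(nets))
```

With the sample data, the two adjacent /28 subnets collapse into a single /27 entry on the private path, which is why carving the function's subnets from one contiguous block keeps the on-premises rule set small.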
