DEV Community

Afraz Khan

Internet access for lambda in VPC

AWS resources living inside a VPC have some security layers attached to them, and AWS Lambda is one of the most common such cases: your code is only accessible if allowed, and it can connect to the internet (to access DynamoDB, EC2 instances, etc.) if needed through VPC configuration.

How to attach a VPC to your Lambdas:

  1. Create 2 new private subnets specifically for your Lambdas and label them so that they are distinguishable as private subnets.
  2. If the delegated VPC has no Internet Gateway attached, create one and attach it to the VPC.
  3. Create a NAT Gateway and place it in a public subnet (create one if none is available).
  4. In the Route Tables tab, there must be 2 route tables: one for your private subnets/Lambdas and the other for public subnets.
    Associate the public subnets with the route table designated for public subnets, using the configuration below:

     Destination -> 0.0.0.0/0
     Target -> {Internet Gateway}
    
  5. Associate the private subnets with the other route table, using the configuration below:

     Destination -> 0.0.0.0/0
     Target -> {NAT Gateway}
    
  6. Create a role with the policy AWSLambdaVPCAccessExecutionRole and attach it to all Lambdas that need public access.

  7. Attach the VPC and private subnets to your Lambdas.
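
The routing from steps 3 to 5 can be checked offline against saved `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways` output. The following is an added example, not code from the original post; the function names are hypothetical and the sample data and IDs are constructed placeholders.

```python
# Constructed sample data in the shape of `aws ec2 describe-route-tables` and
# `aws ec2 describe-nat-gateways` output. All IDs are placeholders.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-public-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-lambda-a"}, {"SubnetId": "subnet-lambda-b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-example", "SubnetId": "subnet-public-a",
                 "State": "available"}]


def default_route(subnet_id, route_tables):
    """Return the 0.0.0.0/0 route that applies to subnet_id, or None."""
    explicit = main = None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                explicit = table
            elif assoc.get("Main"):
                main = table  # subnets without an explicit association use this
    table = explicit or main
    routes = table["Routes"] if table else []
    return next((r for r in routes
                 if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)


def check_lambda_subnet(subnet_id, route_tables, nat_gateways):
    """Return findings for one Lambda subnet; an empty list means steps 3-5 hold."""
    route = default_route(subnet_id, route_tables)
    if route is None:
        return [f"{subnet_id}: no 0.0.0.0/0 route"]
    if route.get("GatewayId", "").startswith("igw-"):
        return [f"{subnet_id}: default route targets an Internet Gateway, not a NAT Gateway"]
    nat = next((n for n in nat_gateways
                if n["NatGatewayId"] == route.get("NatGatewayId")), None)
    if nat is None or nat.get("State") != "available":
        return [f"{subnet_id}: default route has no available NAT Gateway"]
    nat_route = default_route(nat["SubnetId"], route_tables)
    if nat_route is None or not nat_route.get("GatewayId", "").startswith("igw-"):
        return [f"{subnet_id}: NAT Gateway subnet {nat['SubnetId']} has no Internet Gateway route"]
    return []


if __name__ == "__main__":
    for subnet in ("subnet-lambda-a", "subnet-lambda-b"):
        print(subnet, check_lambda_subnet(subnet, ROUTE_TABLES, NAT_GATEWAYS) or "OK")
```
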

Cheers :)
