How did AWS Improve VPC Networking for Lambda to Address Cold Start Problem

Wing-Kam ・2 min read

I believe a lot of people run into a cold start problem when they use Lambda to reach resources in their own VPCs, such as Amazon RDS or Redis. A Lambda function is managed by AWS, and it can access anything on the public Internet. However, when your Lambda function is configured to connect to your own VPC, it needs an elastic network interface (ENI) in that VPC to communicate with your private resources. Creating and attaching a new ENI normally takes several seconds, and if your Lambda environment scales out to handle huge request spikes, you need more ENIs. That time shows up as a long cold start before the function can be invoked. Other potential issues include reaching the ENI limit in your account or hitting the API rate limit on creating ENIs.


Some months ago, AWS leveraged AWS Hyperplane, a network function virtualization platform used for Network Load Balancer and NAT Gateway, to allow inter-VPC connectivity by providing NAT capabilities. When you deploy your Lambda function, it builds a VPC-to-VPC NAT in the AWS Lambda service VPC and creates the required ENIs in your own VPC. As a result, the time can drop significantly, from 10 seconds to 1 second or even a few milliseconds.
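
To show why this eases the ENI limit and rate limit pressure described above, the following added example (not from the original post) compares ENI demand under both models. It assumes AWS's earlier sizing guidance for the old model (peak concurrent executions × memory in GB / 3 GB) and that Hyperplane ENIs are shared per unique subnet and security group combination; the fleet and all IDs are constructed.

```typescript
// Added example with constructed inputs; not code from the original post.
interface VpcFunction {
  name: string;
  memoryMb: number;         // configured function memory
  peakConcurrency: number;  // projected peak concurrent executions
  subnetIds: string[];
  securityGroupIds: string[];
}

// Old model (assumption: AWS's earlier sizing guidance): ENIs were attached as
// the function scaled, so demand ~ peak concurrency * (memory GB / 3 GB).
function legacyEniDemand(fns: VpcFunction[]): number {
  let total = 0;
  for (const f of fns) {
    total += Math.ceil(f.peakConcurrency * (f.memoryMb / 1024 / 3));
  }
  return total;
}

// Hyperplane model (assumption: sharing rule from AWS's documentation): one
// shared ENI per unique subnet + security-group set, created when the function
// is deployed and reused by every function with the same combination.
function hyperplaneEniKeys(fns: VpcFunction[]): string[] {
  const seen: { [key: string]: boolean } = {};
  for (const f of fns) {
    // Security groups form a set: drop duplicates and ignore ordering.
    const sgSet = f.securityGroupIds
      .filter((sg, i, all) => all.indexOf(sg) === i)
      .sort()
      .join(",");
    for (const subnet of f.subnetIds) {
      seen[subnet + "|" + sgSet] = true;
    }
  }
  return Object.keys(seen).sort();
}

// Constructed sample fleet (all IDs are placeholders).
const fleet: VpcFunction[] = [
  { name: "orders", memoryMb: 1536, peakConcurrency: 400,
    subnetIds: ["subnet-a", "subnet-b"], securityGroupIds: ["sg-app", "sg-db"] },
  { name: "billing", memoryMb: 3008, peakConcurrency: 150,
    subnetIds: ["subnet-a", "subnet-b"], securityGroupIds: ["sg-db", "sg-app"] },
  { name: "reports", memoryMb: 512, peakConcurrency: 50,
    subnetIds: ["subnet-b"], securityGroupIds: ["sg-reports"] },
];

console.log("ENIs needed at peak, old model:", legacyEniDemand(fleet));
console.log("ENIs created at deploy time, Hyperplane:", hyperplaneEniKeys(fleet).length);
```

Because the Hyperplane count depends only on network configuration, reusing the same subnets and security groups across functions keeps it flat no matter how far concurrency scales.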


Let's create a quick test using AWS CDK.

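First, we create a Lambda function with inline code:

import * as lambda from '@aws-cdk/aws-lambda';

// Inside the constructor of the stack (`this` is the stack).
const fn = new lambda.Function(this, 'LambdaFunc', {
  // Inline handler that echoes the incoming event back as JSON
  code: new lambda.InlineCode(`exports.handler = (event, context, callback) =>
    callback(null, {
      statusCode: '200',
      body: JSON.stringify(event),
      headers: {
        'Content-Type': 'application/json',
      },
    });`),
  handler: 'index.handler',
  runtime: lambda.Runtime.NODEJS_8_10,
});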

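Then define an API Gateway REST API backed by the Lambda function declared above:

import * as apigateway from '@aws-cdk/aws-apigateway';

// Regional REST API that proxies every request to the function
new apigateway.LambdaRestApi(this, 'RestAPI', {
  handler: fn,
  endpointTypes: [apigateway.EndpointType.REGIONAL],
});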

After deploying the stack, you will see the endpoint in the output. If you run time curl -s <endpoint>, you should see that the time taken is less than 1 second.
