This article will discuss configuring AWS Lambda functions to have access to VPC resources as well as Amazon resources that are not directly attached to the VPC. This is a common problem is you need to access RDS or Elasticache instance that live inside a VPC.
This guide will discuss the few simple steps that are necessary to make Lambda functions work with both VPC and Internet resources.
Amazon documentation provides some basic information to help you.
The steps needed are:
- Create a private subnet inside your VPC
- Create a NAT Gateway
- Create a Route table with your NAT Gateway
- Assign the Route table to your subnet
- Attach your Lambda functions to the subnet
To create a private subnet, you simply click the "Create Subnet" button inside the Subnets section of the VPC Dashboard. It will be created as a private subnet by default. This is exactly what we need. It will look like this after creation:
Next is creating the NAT Gateway. Select the subnet that was created in step one. Create an Elastic IP if need be, most likely you will need to create one, unless you have an unassigned EIP.
Next we will create a new route table. Click Create Route Table and create it inside your VPC. Then select the Routes tab and edit the routes. Create a route with the address
0.0.0.0/0 and assign the target to the ID of your NAT Gateway. It will look something like:
Next, assign your subnet to the route table by going to the Subnet Associations tab and adding the subnet you created in Step 1.
After this, you're all set. You simple need to deploy your Lambda function into the Subnet created in step 1.