If I have a aws lambda running in a vpc that should access an external application through the internet (nat gateway -> internet gateway) but also have access to internal AWS services through VPC interface endpoint, how does the lambda knows that it should goes to internet only for the external application access?
CodePudding user response:
The Lambda function (like anything else in the VPC) uses the VPC's DNS server to resolve any domain name to an IP address. The VPC's DNS server will resolve addresses that you have setup as VPC Interface Endpoints as local addresses.
The route table associated with the subnet understands that local addresses should be routed internally within the VPC, while external addresses should be routed to the NAT Gateway.