I have a Lambda function that needs to connect to a private RDS instance as well as log to CloudWatch.
CodePudding user response:
Ultimately those are your options - public RDS or NAT Gateway.
As you mentioned NAT Gateway costs $$, so an alternative is to use a NAT Instance - this is essentially an EC2 instance that does the same job as a NAT Gateway.
AWS used to have an AMI for NAT Instances but this has reached EOL so you will need to configure the instance manually.
The drawback is that you need to manage the EC2 instance (patching etc) and you may hit bandwidth issues. The plus side is that it is cheaper than a NAT Gateway - you could have a micro or nano instance for example.
CodePudding user response:
The alternative to using a NAT Gateway to access AWS services outside the VPC is to use VPC Endpoints for those AWS services.
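
The VPC endpoint approach from the last answer, as an added CloudFormation example that is not part of the original answers: an interface endpoint for CloudWatch Logs that accepts HTTPS only from the Lambda function's security group. The parameter names (`VpcId`, `PrivateSubnetIds`, `LambdaSecurityGroupId`) and resource names are assumptions for illustration.

```yaml
# Added example (constructed), not from the original answers.
AWSTemplateFormatVersion: "2010-09-09"
Description: Interface VPC endpoint so a VPC-attached Lambda can reach CloudWatch Logs without a NAT.

Parameters:
  VpcId:                      # assumed: the VPC that holds the Lambda and the RDS instance
    Type: AWS::EC2::VPC::Id
  PrivateSubnetIds:           # assumed: the private subnets the Lambda is attached to
    Type: List<AWS::EC2::Subnet::Id>
  LambdaSecurityGroupId:      # assumed: the security group attached to the Lambda
    Type: AWS::EC2::SecurityGroup::Id

Resources:
  LogsEndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from the Lambda security group to the CloudWatch Logs endpoint
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # Only the Lambda's security group may reach the endpoint, and only on 443.
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref LambdaSecurityGroupId

  LogsEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface
      ServiceName: !Sub com.amazonaws.${AWS::Region}.logs
      VpcId: !Ref VpcId
      SubnetIds: !Ref PrivateSubnetIds
      SecurityGroupIds:
        - !Ref LogsEndpointSecurityGroup
      # Resolves the regular logs.<region>.amazonaws.com name to the endpoint's
      # private IPs; requires DNS support and DNS hostnames enabled on the VPC.
      PrivateDnsEnabled: true
```

The RDS instance needs no endpoint because it already sits inside the VPC; the Lambda's security group still has to allow outbound 443 to the endpoint and the database port to RDS.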