I am lost on how to provide outbound internet access to AWS Lambda in our VPC while also having internet gateway to support inbound access (from Internet) to certain resources in our VPC.
From the documentation provided (below), I understand we need to create a private and public subnet (with NAT), and have one route table pointing to IGW, and another to the NAT.
https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/
Our setup is as follows.
VPC
- Private subnet
- Public subnet
Route tables
- Table1
  - Public subnet
  - 0.0.0.0/0 -> IGW
- Table2
  - Private subnet
  - 0.0.0.0/0 -> NAT
Lambda
- VPC
  - Private subnet
RDS (needs access from outside the VPC)
- Under VPC
With this setup, Lambda can access the internet, but the setup stops external inbound access to our resources in the VPC.
If we reroute 0.0.0.0/0 in our private subnet to the IGW, we can access our resources in the VPC from an external network, but the Lambda loses connectivity to the internet.
Does anyone have clarity on how to set this up?
I appreciate any views on this.
CodePudding user response:
Just move the resources that need to be publicly accessible into a public subnet (a subnet with a route to the Internet Gateway). The Lambda function has to remain in a private subnet (a subnet with a route to a NAT Gateway).
So in your case the RDS instance should be in the public subnet, and the Lambda function should be in the private subnet.
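The three layouts discussed above (the asker's original setup, the IGW rerouting workaround, and the answer's recommendation) as a small added model of the routing rules involved; this is constructed example code, not from the question or the answer. It assumes one default route per subnet, that a Lambda ENI never gets a public IP (which is why an IGW route alone does not give it outbound access), and that the RDS instance is "publicly accessible" and therefore has a public IP; security groups and NACLs are left out of the model but still need to restrict inbound access to the database.

```python
"""Constructed model of subnet routing for Lambda + RDS in one VPC."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Subnet:
    name: str
    default_route: str  # target of the 0.0.0.0/0 route: "igw" or "nat"


@dataclass(frozen=True)
class Resource:
    name: str
    subnet: Subnet
    public_ip: bool  # assumption: Lambda ENI -> False, public RDS -> True


def outbound_internet(r: Resource) -> bool:
    """Can the resource initiate connections to the internet?"""
    if r.subnet.default_route == "nat":
        return True  # NAT gateway translates the private source address
    if r.subnet.default_route == "igw":
        return r.public_ip  # an IGW only forwards traffic from a public IP
    return False


def inbound_from_internet(r: Resource) -> bool:
    """Can the internet initiate connections to the resource?
    (Routing only; security groups / NACLs must still restrict this.)"""
    return r.subnet.default_route == "igw" and r.public_ip


def evaluate(resources):
    return {r.name: (outbound_internet(r), inbound_from_internet(r))
            for r in resources}


PUBLIC = Subnet("public", "igw")
PRIVATE = Subnet("private", "nat")
PRIVATE_REROUTED = Subnet("private", "igw")  # the question's workaround


def scenario_original():  # assumed: both resources in the private subnet
    return evaluate([Resource("lambda", PRIVATE, False),
                     Resource("rds", PRIVATE, True)])


def scenario_rerouted():  # private subnet's default route moved to the IGW
    return evaluate([Resource("lambda", PRIVATE_REROUTED, False),
                     Resource("rds", PRIVATE_REROUTED, True)])


def scenario_answer():  # RDS in the public subnet, Lambda stays private
    return evaluate([Resource("lambda", PRIVATE, False),
                     Resource("rds", PUBLIC, True)])


if __name__ == "__main__":
    for label, fn in [("original", scenario_original),
                      ("rerouted", scenario_rerouted),
                      ("answer", scenario_answer)]:
        print(label, fn())  # each value is (outbound, inbound)
```

Running it shows only the answer's layout giving Lambda outbound access and RDS inbound access at the same time.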