As-Is:
We are currently uploading files to S3. These files are processed by a Lambda function which then writes a file back to S3.
Problem:
We are processing critical data. So the data must not be stored in the cloud according to the compliance team. It shall be stored on-premise on our own file servers.
Question:
How can we replace S3 easily so that our Lambda function is accessing the file on the on-premise file server? (The files must not be stored on S3 - even for a millisecond) (Alternatively, the file might be provided by a user, e.g. on a GUI)
CodePudding user response:
If the data can't be transmitted to the cloud, then you can't use a Lambda function in the cloud to process it - if the code is not running on your servers, then it has to receive a copy of the data somehow, which means the data is leaving your network.
If you really want to have the same experience as running in AWS but with on-premise hardware, you can get an AWS Outpost, which is like your own little bit of AWS.
Alternatively, just run the code that would have been in Lambda on your own servers, perhaps using an open-source package that gives you Lambda-like execution using local containers.
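A sketch of the "run the code on your own servers" option, added here as an example and not part of the original answers: the handler keeps its Lambda-style shape, but storage is injected and backed by a directory on the file server instead of S3. `LocalStore`, `process`, the `processed/` prefix and the event's `key` field are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path


class LocalStore:
    """Stand-in for the S3 bucket: every key resolves under one on-premise root."""

    def __init__(self, root):
        self.root = Path(root).resolve()

    def _path(self, key):
        # The key may come from a user or a GUI, so reject anything that
        # escapes the root ("../x", absolute paths, symlink tricks).
        p = (self.root / key).resolve()
        if not p.is_relative_to(self.root):  # Python 3.9+
            raise ValueError(f"key escapes storage root: {key!r}")
        return p

    def get(self, key):
        return self._path(key).read_bytes()

    def put(self, key, data):
        dest = self._path(key)
        dest.parent.mkdir(parents=True, exist_ok=True)
        # Write to a temp file in the same directory, then rename,
        # so a reader never sees a partially written file.
        fd, tmp = tempfile.mkstemp(dir=dest.parent)
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        os.replace(tmp, dest)


def process(data):
    # Placeholder transformation (assumption): the real processing goes here.
    return data.upper()


def handler(event, context, store):
    """Same signature idea as a Lambda handler, with storage passed in."""
    out_key = f"processed/{event['key']}"
    store.put(out_key, process(store.get(event["key"])))
    return {"output_key": out_key}


def run_demo():
    # Constructed sample: a temporary directory plays the file server share.
    with tempfile.TemporaryDirectory() as root:
        store = LocalStore(root)
        store.put("incoming/report.txt", b"critical data")
        result = handler({"key": "incoming/report.txt"}, None, store)
        return result, store.get(result["output_key"])
```

Because the handler only talks to the injected store, the same processing code can be exercised in tests and run on-premise without any AWS SDK call in the data path.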
CodePudding user response:
"So the data must not be stored in the cloud according to the compliance team."
If your only concern is that you don't want to store data on S3, you can put your Lambda in a VPC and have a Site-to-Site VPN from your on-premises network to the AWS VPC.
Usually compliance is not just limited to long-term storage like S3. You should check if your data is allowed to leave your local network. In order for Lambda to do processing on your data, the data has to be stored temporarily in the cloud, and also it will leave your local network. If there are compliance limitations for these cases, probably Lambda would not be the best option.