Lambda in VPC and Network Access

Learn how to connect AWS Lambda functions to a Virtual Private Cloud (VPC) for secure access to private resources and how to manage their network connectivity.

A common use case in enterprise applications is a backend service that manages internal employee data. The service can be built using AWS Lambda to process requests and Amazon RDS to store employee records. To keep the database secure, it is usually deployed in a private subnet of a VPC, meaning it is not directly accessible from the public internet. By default, Lambda functions run in an AWS-managed environment that does not have access to this private subnet. As a result, any attempts by the Lambda function to connect to the RDS instance will fail. In this lesson, we’ll learn how to provide a Lambda function with access to such AWS resources.

Giving a Lambda function access to a custom VPC or private subnet

To allow the Lambda function to communicate with resources hosted in private subnets, such as databases, caches, or internal APIs, it must be given access to the same VPC where those resources are located. With this setup, the function sends its network requests to those resources over private IP addresses, staying inside the AWS environment rather than traversing the public internet.

Figure: Lambda function connection with a resource within a VPC

To establish this connection, we need to configure the function to use networking components from the target VPC. Specifically, this involves selecting the following within the Lambda function configurations: ...
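The failure mode described above (a function left in the default AWS-managed network cannot reach a database in a private subnet) is easy to verify from the function's configuration. The following script is an added example, not code from this lesson or from AWS: it audits Lambda configurations for attachment to the VPC and subnets that host a database. The function names, VPC, subnet and security-group IDs are constructed; the dictionaries mirror the shape of boto3's `get_function_configuration()` response, which is where real data would come from. Note that an attached function is also assumed to need at least one subnet in common with the database to count as "attached" here; that is a choice made for this audit, not an AWS requirement.

```python
"""Audit Lambda function configurations for VPC attachment.

Added example (not from the lesson): classifies each function's VpcConfig
relative to the VPC and subnets where a private RDS instance lives, which is
the condition the lesson describes for private-subnet access to work.
All IDs below are constructed sample values.
"""

# Constructed: placement of the (hypothetical) RDS instance.
DB_VPC_ID = "vpc-0db0000000000001"
DB_SUBNET_IDS = {"subnet-0aaa000000000001", "subnet-0bbb000000000002"}

# Constructed Lambda configurations, shaped like get_function_configuration() output.
FUNCTIONS = [
    {   # not attached to any VPC: runs in the AWS-managed network, so
        # connections to the private RDS instance fail
        "FunctionName": "employee-api-default",
        "VpcConfig": {"SubnetIds": [], "SecurityGroupIds": [], "VpcId": ""},
    },
    {   # attached to the database's VPC and the same subnets
        "FunctionName": "employee-api-vpc",
        "VpcConfig": {
            "SubnetIds": ["subnet-0aaa000000000001", "subnet-0bbb000000000002"],
            "SecurityGroupIds": ["sg-0a1b000000000001"],
            "VpcId": "vpc-0db0000000000001",
        },
    },
    {   # attached to a VPC, but not the one hosting the database
        "FunctionName": "employee-api-wrong-vpc",
        "VpcConfig": {
            "SubnetIds": ["subnet-0ccc000000000003"],
            "SecurityGroupIds": ["sg-0a1b000000000002"],
            "VpcId": "vpc-0other00000000002",
        },
    },
]


def vpc_attachment_status(fn_config, db_vpc_id, db_subnet_ids):
    """Classify a function's VpcConfig relative to the database's placement.

    Returns one of:
      "not-attached"     - no VPC config at all (the default Lambda environment)
      "wrong-vpc"        - attached to a VPC other than the database's
      "no-shared-subnet" - same VPC, but none of the function's subnets match
                           the database subnets (flagged for review; routing
                           inside the VPC may still work)
      "attached"         - same VPC, at least one subnet shared with the database
    """
    vpc = fn_config.get("VpcConfig") or {}
    subnets = set(vpc.get("SubnetIds") or [])
    if not subnets:
        return "not-attached"
    if vpc.get("VpcId") != db_vpc_id:
        return "wrong-vpc"
    if not (subnets & set(db_subnet_ids)):
        return "no-shared-subnet"
    return "attached"


def audit(functions, db_vpc_id, db_subnet_ids):
    """Return {function name: status} for every function in the list."""
    return {
        f["FunctionName"]: vpc_attachment_status(f, db_vpc_id, db_subnet_ids)
        for f in functions
    }


if __name__ == "__main__":
    for name, status in audit(FUNCTIONS, DB_VPC_ID, DB_SUBNET_IDS).items():
        print(f"{name:28s} {status}")
```

A function reported as `not-attached` is exactly the case the lesson opens with: its connection attempts to the RDS instance fail because it never enters the VPC. Attaching it is done with the same two fields the audit inspects, `SubnetIds` and `SecurityGroupIds`, for example through boto3's `update_function_configuration(FunctionName=..., VpcConfig={...})`. Attachment alone does not open the path: the database's security group must also allow inbound traffic from the function's security group, which this script does not check.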