AWS Lambda in a VPC with access to AWS resources as well as the internet, using an IGW (Internet Gateway), NAT and Route Tables


If your Lambda function does not need to call third-party services such as Firebase or payment gateways, you can configure it to use the default AWS VPC, which does not give it internet access.

But if you also need internet access from inside the VPC, you need to set up a NAT gateway (network address translation), an IGW (internet gateway) and route tables, with the subnets attached to them.

Note: Some of these services are chargeable.

Here is a step-by-step guide to setting up Lambda for the second case.

We are going to have 3 subnets in total: 2 private subnets and 1 public subnet.

In Lambda Function > Configuration > VPC > Subnets we are going to select only the two private subnets. The public subnet won't be selected here.

1) Let's say your default VPC has the private IP address range , or create a new one.

2) Create Private Subnets:
    Go to AWS VPC > Subnets > Create two private subnets with CIDR blocks  and .

    FYI: Traffic from the private subnets to anything outside the VPC is routed to the NAT gateway, and from there to the IGW, via the route tables.
3) Create Public Subnet:
    Just like in 2), create a subnet with CIDR block .
    The NAT gateway will sit in this public subnet, and all internet traffic will be routed out from here.

4) Create IGW (Internet Gateway):
    AWS Console > VPC > Create internet gateway and attach it to our VPC.

5) Create NAT Gateway:
    AWS Console > VPC > Create NAT gateway > attach an Elastic IP (new or existing) and the public subnet.

6) Create Route table for Public subnet:
    AWS Console > VPC > Route tables > Create > select VPC > save > "Routes" tab > Edit > set destination
    as  and target as your internet gateway.
    AWS Console > VPC > Subnets > Public subnet > "Route table" > Edit > select the route table you just created.
    FYI: To forward unknown traffic (anything that is not an AWS resource inside the VPC) to the internet gateway, the route table
    needs a route with destination .

7) Create Route table for Private subnets:
    AWS Console > VPC > Route tables > Create > select VPC > save > "Routes" tab > Edit > set destination
    as  and target as your NAT gateway.
    AWS Console > VPC > Subnets > Private subnets > "Route table" > Edit > select the route table you just created (repeat for the remaining private subnets).

8) That's it. Now go to the Lambda configuration, select the VPC and attach the two private subnets.

Note: You can add more private subnets for higher availability.
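As an added example (not code from the original post), here is a small Python check over the route-table layout the steps above produce, in the shape that boto3's describe_route_tables() and describe_nat_gateways() return. It flags the mistakes that leave the function without egress: a public subnet attached to the function, a private subnet whose default route is not a NAT gateway, or a NAT gateway sitting in a subnet with no IGW route. The sample data and every ID in it are constructed, and 0.0.0.0/0 is assumed as the default-route destination.

```python
DEFAULT_ROUTE = "0.0.0.0/0"  # assumed IPv4 default route; the post's CIDR text is elided

# Constructed sample data shaped like boto3 describe_route_tables() /
# describe_nat_gateways() responses; every ID and CIDR below is made up.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-priv-a"}, {"SubnetId": "subnet-priv-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0456"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-0456", "SubnetId": "subnet-public", "State": "available"}]
LAMBDA_SUBNETS = ["subnet-priv-a", "subnet-priv-b"]  # what step 8 attaches to the function

def route_table_for(route_tables, subnet_id):
    """Explicitly associated table, else the VPC's main table, else None."""
    explicit = [rt for rt in route_tables
                if any(a.get("SubnetId") == subnet_id for a in rt.get("Associations", []))]
    main = [rt for rt in route_tables if any(a.get("Main") for a in rt.get("Associations", []))]
    return (explicit or main or [None])[0]

def default_route_target(route_tables, subnet_id):
    """Target ID of the subnet's 0.0.0.0/0 route (igw-*, nat-*, ...), or None."""
    rt = route_table_for(route_tables, subnet_id)
    for route in (rt or {}).get("Routes", []):
        if route.get("DestinationCidrBlock") == DEFAULT_ROUTE:
            return route.get("NatGatewayId") or route.get("GatewayId")
    return None

def check_lambda_egress(route_tables, nat_gateways, lambda_subnets):
    """Return findings; an empty list means the layout matches steps 6-8 above."""
    findings = []
    nat_subnet = {n["NatGatewayId"]: n["SubnetId"]
                  for n in nat_gateways if n.get("State") == "available"}
    for subnet in lambda_subnets:
        target = default_route_target(route_tables, subnet) or ""
        if target.startswith("igw-"):  # Lambda ENIs get no public IP, so an IGW route gives no egress
            findings.append(f"{subnet}: default route to {target}; public subnet attached to Lambda")
        elif not target.startswith("nat-"):
            findings.append(f"{subnet}: no default route to a NAT gateway, so no internet egress")
        elif target not in nat_subnet:
            findings.append(f"{subnet}: {target} is missing or not in 'available' state")
        elif not (default_route_target(route_tables, nat_subnet[target]) or "").startswith("igw-"):
            findings.append(f"{target}: its subnet {nat_subnet[target]} has no default route to an IGW")
    return findings
```

Against live data, feed the function the `RouteTables` and `NatGateways` lists from the two boto3 calls together with the subnet IDs from the Lambda's VpcConfig.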

Edit: Found more articles on it.

Happy Serverless!