AWS Lambda in a VPC with access to AWS resources as well as the internet, using an IGW (Internet Gateway), a NAT gateway and route tables


If your Lambda function does not need to call third-party services (Firebase, payment gateways, etc.), you can attach it to the default AWS VPC as-is: a function inside a VPC has no internet access on its own, because the network interfaces Lambda creates for it only get private IP addresses, even in a subnet that routes to an internet gateway. (A function that is not attached to any VPC can reach the internet, but not your private VPC resources.)

But if you also need internet access from inside the VPC, you need to set up a NAT gateway (network address translation), an IGW (internet gateway) and route tables, and associate them with the right subnets. Calls to AWS service APIs (S3, DynamoDB, SQS, ...) from the function leave the same way, through the NAT gateway, unless you add VPC endpoints for those services.

Note: some of these resources are billed. A NAT gateway in particular is charged per hour and per GB of data processed, whether or not the function is invoked.

Here is a step-by-step guide to set up Lambda for the second case.

We are going to have 3 subnets in total: 2 private subnets and 1 public subnet.

In Lambda Function > Configuration > VPC > Subnets we are going to select only the two private subnets. The public subnet won't be selected there.

1) Let's say your VPC's CIDR block is 192.168.0.0/16 (the default VPC actually uses 172.31.0.0/16), or create a new VPC with that range.

2) Create Private Subnets:
    Go to AWS VPC > Subnets > create two private subnets with CIDR blocks 192.168.20.0/24 and 192.168.30.0/24, preferably in different Availability Zones.

    FYI: internet-bound traffic from the private subnets is sent to the NAT gateway by their route table; the NAT gateway then forwards it out through the IGW.
 
3) Create Public Subnet:
    Just like 2), create a subnet with CIDR block 192.168.10.0/24.
    FYI: the NAT gateway will be placed in this subnet, and all internet traffic from the private subnets leaves through it.

4) Create IGW (Internet Gateway):
    AWS Console > VPC > Create internet gateway, then attach it to our VPC.

5) Create NAT gateway:
    AWS Console > VPC > Create NAT gateway > choose the public subnet, connectivity type Public, and attach an Elastic IP (new or existing). The NAT gateway must sit in the public subnet, otherwise it has no path to the IGW itself.

6) Create Route table for the Public subnet:
    AWS Console > VPC > Route tables > Create > select the VPC > save > "Routes" tab > Edit > add a route with destination
    0.0.0.0/0 and target your internet gateway.
    AWS Console > VPC > Subnets > public subnet > "Route table" > Edit > select the route table you just created.
    FYI: every route table already has a local route for the VPC CIDR. To forward traffic for any other destination to the internet gateway,
    the route table needs the 0.0.0.0/0 default route.

7) Create Route table for the Private subnets:

    AWS Console > VPC > Route tables > Create > select the VPC > save > "Routes" tab > Edit > add a route with destination
    0.0.0.0/0 and target your NAT gateway.
    AWS Console > VPC > Subnets > private subnet > "Route table" > Edit > select the route table you just created (repeat for the remaining private subnets, or associate them all at once from the route table's "Subnet associations" tab).

8) That's it. Now go to the Lambda function's configuration, select the VPC, attach the two private subnets and a security group (no inbound rules are needed; outbound is what matters). The function's execution role must be allowed to create and delete network interfaces (the AWSLambdaVPCAccessExecutionRole managed policy grants exactly that), otherwise saving the VPC configuration fails. To verify, invoke a function that makes an outbound HTTP request: if it hangs until timeout, check that the subnets it is attached to use the private route table with the 0.0.0.0/0 route to the NAT gateway.


Note: you can add more private subnets in other Availability Zones for higher availability. A NAT gateway is tied to one Availability Zone, so for AZ resilience put one NAT gateway (in a public subnet) in each AZ, with its own private route table for that AZ's private subnets.


Edit: found more articles on it.
 https://gist.github.com/reggi/dc5f2620b7b4f515e68e46255ac042a7
 http://marcelog.github.io/articles/aws_lambda_internet_vpc.html

Happy Serverless!