How to grant internet access to AWS Lambda under VPC

Posted By : Mohd Adnan | 31-Jul-2018


Serverless applications are common these days because they don't require provisioning EC2 instances or configuring web servers to run continuously. AWS Lambda provides high scalability and high availability for the application code. With AWS Lambda, you are charged only for what you use.

 

The Problem


1. If you configure your Lambda function inside a VPC, it cannot access services outside your VPC.
2. Third-party applications provide access to whitelisted IPs only and, unlike EC2, AWS Lambda is not assigned a public IP.

 

The Solution

 

The workaround is to create a NAT (Network Address Translation) Gateway and route all your API requests to the internet through it, so that all outbound connections from the Lambda function exit through the NAT Gateway.
An Elastic IP is then assigned to the NAT Gateway, and that IP can be whitelisted by our third-party services.

The steps involved are as follows:
1. Create a new VPC (or use an existing VPC) from the AWS VPC Dashboard.
2. Create a new Internet Gateway (IGW) to communicate with the Internet from inside your VPC.
3. Create a Public Subnet under your VPC and add a new route to its route table that sends 0.0.0.0/0 to your Internet Gateway.
4. Create a new Elastic IP address (EIP).
5. Create a new NAT Gateway and assign it to the Public Subnet created in step 3 and the Elastic IP address created in step 4.
6. Create a Private Subnet and add a new route to its route table that sends 0.0.0.0/0 to your NAT Gateway.


A Lambda function can then be created inside your VPC, and a request can be made to the Internet to test the result.
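One way to check the routing produced by the steps above before giving the Elastic IP to a third party for whitelisting, as an added example that is not part of the original post. It walks data shaped like the EC2 `DescribeRouteTables` and `DescribeNatGateways` responses; the function names, subnet and gateway IDs, and the IP are assumptions made up for illustration, and it also flags the case where the function is attached to the public subnet.

```python
# Constructed data below mimics EC2 DescribeRouteTables / DescribeNatGateways output.

def default_route(subnet_id, route_tables):
    """Return the active 0.0.0.0/0 route that applies to a subnet, or {} if none."""
    explicit = main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                explicit = rt
            elif assoc.get("Main"):
                main = rt
    table = explicit or main or {}  # no explicit association: the main table applies
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0" and route.get("State") == "active":
            return route
    return {}

def via_igw(route):
    """True when the route's target is an Internet Gateway."""
    return str(route.get("GatewayId") or "").startswith("igw-")

def check_lambda_egress(lambda_subnets, route_tables, nat_gateways):
    """Return (findings, egress_ips) for the subnets a Lambda function is attached to."""
    nats = {n["NatGatewayId"]: n for n in nat_gateways}
    findings, egress_ips = [], set()
    for subnet in lambda_subnets:
        route = default_route(subnet, route_tables)
        nat = nats.get(route.get("NatGatewayId"))
        if not route:
            findings.append(f"{subnet}: no default route, so no internet access")
        elif via_igw(route):
            findings.append(f"{subnet}: default route targets an Internet Gateway, "
                            "but Lambda gets no public IP there; use a private subnet")
        elif nat is None or nat.get("State") != "available":
            findings.append(f"{subnet}: default route target is not an available NAT Gateway")
        elif not via_igw(default_route(nat["SubnetId"], route_tables)):
            findings.append(f"{subnet}: NAT subnet {nat['SubnetId']} has no route to an Internet Gateway")
        else:  # traffic leaves through the NAT Gateway's Elastic IP(s)
            egress_ips.update(a["PublicIp"] for a in nat.get("NatGatewayAddresses", []) if "PublicIp" in a)
    return findings, sorted(egress_ips)

# Constructed sample: IDs are placeholders, the IP is from a documentation range.
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]},
    {"Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-example", "SubnetId": "subnet-public", "State": "available",
                 "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]}]
```

An empty findings list together with a single egress IP means every subnet the function uses leaves through the NAT Gateway, so that IP is the one to whitelist.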
