I am trying to design a solution where a Lambda function is required to run within a VPC and needs to be triggered by DynamoDB events. My question is: with the correct configuration of NACLs and Security Groups, can I make the trigger work?
3 Answers
I don't see how NACL or Security Groups would even be relevant to your problem statement. DynamoDB would trigger a call to the AWS API to invoke your Lambda function. AWS then invokes your Lambda function with the event information from DynamoDB. If the Lambda function is configured to run in a VPC then it will run in a VPC.
Is there an actual error you are currently encountering?
I have it working this way...
- Set up a VPC Endpoint
- For the subnet your Lambda is in, add inbound rules to the NACL for port range 1024 - 65535 and these CIDR blocks:
  - 52.94.0.0/22
  - 52.119.224.0/20
- Subscribe to receive a notification of changes to IP address ranges, in case the above CIDRs change.
I'm trying to figure out if there is a better way; I was under the assumption the NACL rules were not needed.
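As an added example (not code from this thread, and not an AWS tool), here is what the procedure in the answer above looks like when automated. Two points of context for why these rules exist at all: the DynamoDB Streams trigger itself is polled by the Lambda service, so no inbound NACL or Security Group rule is needed for the invocation to reach a VPC-attached function. The NACL entries matter only when the function makes its own calls to DynamoDB from inside the VPC through a (gateway) VPC endpoint: the endpoint routes to the service's public prefixes, and NACLs are stateless, so the outbound HTTPS call needs an outbound rule to 443 and an inbound rule for the ephemeral-port return traffic. The script reads an `ip-ranges.json`-shaped document (the embedded one is a constructed sample with the same layout as https://ip-ranges.amazonaws.com/ip-ranges.json), extracts the DYNAMODB prefixes for one region, generates the paired NACL entries, and diffs them against what is currently allowed, which is the check to run whenever the AmazonIpSpaceChanged SNS notification fires. Rule numbering, the region and the sample prefixes are illustrative assumptions.

```python
"""Generate stateless NACL rules for a VPC Lambda reaching DynamoDB via a
gateway endpoint, driven by the AWS ip-ranges.json feed.

Added example; not code from the original thread. SAMPLE_IP_RANGES is a
constructed document with the same shape as the real feed.
"""
import ipaddress
import json

# Constructed sample: same keys as the real ip-ranges.json, illustrative rows.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0",
    "createDate": "2000-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "52.94.0.0/22", "region": "us-east-1", "service": "DYNAMODB"},
        {"ip_prefix": "52.119.224.0/20", "region": "us-east-1", "service": "DYNAMODB"},
        {"ip_prefix": "52.94.4.0/24", "region": "eu-west-1", "service": "DYNAMODB"},
        {"ip_prefix": "3.5.0.0/19", "region": "us-east-1", "service": "S3"},
        # Real feed lists many prefixes twice, once under the umbrella AMAZON service.
        {"ip_prefix": "52.94.0.0/22", "region": "us-east-1", "service": "AMAZON"},
    ],
})

# Ephemeral return-port range the NACL must allow inbound (NACLs are stateless).
EPHEMERAL_PORTS = (1024, 65535)


def dynamodb_prefixes(ip_ranges_json: str, region: str) -> list[str]:
    """Return the sorted, de-duplicated IPv4 prefixes for DYNAMODB in one region."""
    doc = json.loads(ip_ranges_json)
    found = {
        p["ip_prefix"]
        for p in doc["prefixes"]
        if p["service"] == "DYNAMODB" and p["region"] == region
    }
    return sorted(found, key=lambda c: ipaddress.ip_network(c))


def nacl_rules(prefixes, first_rule_number=100, step=10):
    """Build paired NACL entries for each DynamoDB CIDR.

    Outbound: TCP 443 to the service prefix (the function's HTTPS call).
    Inbound:  TCP 1024-65535 from the same prefix (the response traffic).
    Rule numbers are spaced (step) so new CIDRs can be slotted in later.
    """
    rules = []
    n = first_rule_number
    for cidr in prefixes:
        rules.append({"rule": n, "direction": "outbound", "protocol": "tcp",
                      "cidr": cidr, "from_port": 443, "to_port": 443,
                      "action": "allow"})
        rules.append({"rule": n, "direction": "inbound", "protocol": "tcp",
                      "cidr": cidr, "from_port": EPHEMERAL_PORTS[0],
                      "to_port": EPHEMERAL_PORTS[1], "action": "allow"})
        n += step
    return rules


def prefix_drift(current_allowed, ip_ranges_json, region):
    """Compare the CIDRs currently in the NACL with the published feed.

    Run this when the AmazonIpSpaceChanged SNS notification arrives:
    anything under 'add' is DynamoDB traffic the NACL would now drop,
    anything under 'remove' is an allow rule that no longer matches the service.
    """
    published = set(dynamodb_prefixes(ip_ranges_json, region))
    current = set(current_allowed)
    return {"add": sorted(published - current), "remove": sorted(current - published)}


if __name__ == "__main__":
    cidrs = dynamodb_prefixes(SAMPLE_IP_RANGES, "us-east-1")
    for r in nacl_rules(cidrs):
        print(r)
    print(prefix_drift(["52.94.0.0/22", "10.0.0.0/8"], SAMPLE_IP_RANGES, "us-east-1"))
```

In practice you would fetch the live feed instead of the embedded sample, apply the generated entries with the CLI or your IaC tool, and wire `prefix_drift` to the SNS subscription from the last step so a CIDR change shows up as a diff rather than as dropped DynamoDB calls.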
After reaching out to AWS I was able to clarify how the trigger works: we don't have to specify any NACL or Security Group rules to enable the trigger, because AWS uses what they call a "Private Connection". Even though I have a serious concern about how it penetrates all these firewalls, it really works without any configuration changes.