Can lambda be accessed privately from a vpc? Let's say I want to invoke a lambda function from a python code running on a EC2 server in a private subnet, can I invoke it without going over internet?
1
-
Hi. I updated the answer. As of today (20 Oct 2020) you can invoke lambda privately, without internet.Marcin– Marcin2020-10-21 04:57:48 +00:00Commented Oct 21, 2020 at 4:57
Add a comment
|
2 Answers
Update 20 Oct 2020
As of today, lambda has VPC interface endpoints:
AWS Lambda now supports AWS PrivateLink which lets you invoke Lambda functions securely from inside your virtual private cloud (VPC) or on-premises data centers without exposing traffic to the public Internet.
Previous answer which was valid at the time of making it
To my is no direct way of doing this.
Lambda VPC integration is only for lambda to access VPC resources, not for VPC resources (e.g. ec2 instance in private subnet) to invoke lambda function. The reason is that Lambda invocation can come from only AWS Lambda API.
Also since lambda does not have VPC endpoint, you can't call it from a private subnet without a NAT gateway.
2 Comments
Ben
This is now possible, as of today: aws.amazon.com/blogs/aws/…
Marcin
@Ben Thanks ben. That's good news. I will update my answer.
Yes you can, take a read at Lambda with VPC Networking.
By doing this an ENI would be created in your VPC, within the subnets that you specify. This ENI will be bound to any Lambda invocations, ensuring that network transit will only reside from these VPCs.
Once its in the VPC you could put it behind an internal ALB, allowing your Python script to perform an interaction against the ALB which will invoke the Lambda privately.
1 Comment
Anshul Sharma
Thanks, I am aware of lambda vpc networking. But AFAIK when you configure the ALB with lambda as target, there is no guarantee that the traffic will flow privately. Is there a document which mentions otherwise?