Lakshman Diwaakar

Reputation: 7579

Can a VPC-enabled Lambda architecture be any better?

Our architecture is a FaaS approach, where our entire backend is on Lambdas. The persistence layer is a managed cloud Mongo cluster, so-called Atlas. Lambdas in the VPC talk to the Mongo cluster using a peered VPC connection.

I need a VPC-enabled Lambda, because Lambda talks to the Mongo cluster using the VPC peering connection. I need a NAT gateway because resources inside Lambda have to talk with external internet resources. Here is my VPC-Lambda-Mongo architecture: [image: VPC-lambda-mongo-architecture]

So my questions are:

  1. Security and safety are very important. Do you suggest any better architecture than this? I would be happy to hear it.

Upvotes: 0

Views: 309

Answers (1)

helloV

Reputation: 52423

  • If security and safety are very important, why are you even thinking about making the subnet public? You can save a few bucks, but any accidental opening of inbound ports in the security group is a risk.
  • You can use a NAT instance instead of a NAT gateway. And if your outbound traffic through NAT is sporadic, then go for a t2.micro NAT ($9/month) or a t2.nano NAT ($5/month).
  • Most important: running your Lambdas in a public subnet may not be PCI/SOC2 compliant.
  • I am not sure if Lambdas in a public subnet can access the internet directly. If it is possible, then what is the source IP for the outgoing packet?

Upvotes: 3
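The two risks raised in the answer (a Lambda subnet that is actually public, and an inbound security-group rule accidentally opened to the world) are both visible in the route-table and security-group descriptions that `boto3` returns. The following is an added example, not code from the question or the answer: a small offline audit over constructed sample data shaped like the output of `describe_route_tables` and `describe_security_groups`. All IDs (`subnet-lambda-a`, `sg-drifted`, `nat-0example`, and so on) are hypothetical, and the `audit` function would be fed real API output in practice.

```python
"""Offline posture check for a VPC-enabled Lambda + NAT + peering layout (added example)."""
import ipaddress

# Constructed sample data (hypothetical IDs), shaped like boto3's
# describe_route_tables()["RouteTables"] and describe_security_groups()["SecurityGroups"].
ROUTE_TABLES = [
    {   # private subnet: default route via NAT, peering route to the Mongo VPC
        "RouteTableId": "rtb-private",
        "Associations": [{"SubnetId": "subnet-lambda-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"},
            {"DestinationCidrBlock": "172.31.0.0/16", "VpcPeeringConnectionId": "pcx-0example"},
        ],
    },
    {   # public subnet: default route straight to an internet gateway
        "RouteTableId": "rtb-public",
        "Associations": [{"SubnetId": "subnet-lambda-b"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"},
        ],
    },
]

SECURITY_GROUPS = [
    {   # expected shape for a Lambda ENI: no inbound rules at all, egress only
        "GroupId": "sg-lambda", "GroupName": "lambda-egress-only",
        "IpPermissions": [],
        "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    },
    {   # drifted group: SSH opened to the world "temporarily", Mongo port scoped to the peer VPC
        "GroupId": "sg-drifted", "GroupName": "lambda-with-accidental-ssh",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
             "IpRanges": [{"CidrIp": "172.31.0.0/16"}], "Ipv6Ranges": []},
        ],
        "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    },
]


def _routes_for_subnet(subnet_id, route_tables):
    """Return the routes of the route table explicitly associated with the subnet (or [])."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt.get("Associations", [])):
            return rt.get("Routes", [])
    return []


def subnet_is_public(subnet_id, route_tables):
    """A subnet is public when its default route (0.0.0.0/0 or ::/0) points at an internet gateway."""
    for route in _routes_for_subnet(subnet_id, route_tables):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest in ("0.0.0.0/0", "::/0") and route.get("GatewayId", "").startswith("igw-"):
            return True
    return False


def has_nat_default_route(subnet_id, route_tables):
    """True when 0.0.0.0/0 is routed to a NAT gateway or a NAT instance (ENI/instance route)."""
    for route in _routes_for_subnet(subnet_id, route_tables):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0" and (
            route.get("NatGatewayId") or route.get("InstanceId") or route.get("NetworkInterfaceId")
        ):
            return True
    return False


def world_open_inbound(sg):
    """List (protocol, port range, cidr) for every inbound rule whose source is the whole internet."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        ports = "all" if proto == "-1" else f"{perm.get('FromPort')}-{perm.get('ToPort')}"
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:  # 0.0.0.0/0 or ::/0
                findings.append((proto, ports, cidr))
    return findings


def audit(lambda_subnets, lambda_sg_ids, route_tables, security_groups):
    """Collect human-readable findings for the subnets and security groups attached to the Lambda."""
    findings = []
    for subnet in lambda_subnets:
        if subnet_is_public(subnet, route_tables):
            findings.append(f"{subnet}: Lambda subnet routes 0.0.0.0/0 to an internet gateway (public subnet)")
        elif not has_nat_default_route(subnet, route_tables):
            findings.append(f"{subnet}: no NAT default route; outbound internet calls from Lambda will fail")
    by_id = {sg["GroupId"]: sg for sg in security_groups}
    for sg_id in lambda_sg_ids:
        for proto, ports, cidr in world_open_inbound(by_id[sg_id]):
            findings.append(f"{sg_id}: inbound {proto} {ports} open to {cidr}")
    return findings


if __name__ == "__main__":
    for line in audit(["subnet-lambda-a", "subnet-lambda-b"], ["sg-lambda", "sg-drifted"],
                      ROUTE_TABLES, SECURITY_GROUPS):
        print(line)
```

Run against the sample data, the audit reports `subnet-lambda-b` as public and the world-open SSH rule on `sg-drifted`, while the private subnet with its NAT default route and the inbound-empty `sg-lambda` produce no findings. Two design points match the answer: a Lambda ENI never needs an inbound rule (it only initiates connections to Mongo over the peering route and to the internet via NAT), so any inbound rule is drift worth flagging, and a subnet whose default route goes to an IGW is exactly the public placement the answer warns about. Note also that Lambda ENIs are not assigned public IPs, so an IGW route gives them no internet access anyway; a NAT gateway or NAT instance in a private subnet is the only working path, and the NAT's Elastic IP is the source address the last bullet asks about.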
