Haran

Reputation: 1130

What does it mean when AWS Lambda is configured with a VPC?

Even after going through the AWS documentation and various blogs, I still don't understand how AWS Lambda would behave when it is configured with a VPC.

  1. When AWS Lambda is configured with a VPC, does that mean all instances of the Lambda would get IP addresses from the specified subnet of that VPC?
  2. How does the ENI play a role in the AWS Lambda-VPC configuration? The formula for ENI capacity from the AWS doc is:

Projected peak concurrent executions * (Memory in GB / 3GB)

Does it mean that a running AWS Lambda instance has 3 GB of memory, and when that is exceeded another ENI gets attached?

  3. Most of the AWS Lambda-VPC configuration related architecture diagrams show Lambda inside the VPC. Does that mean Lambda runs inside the VPC?

Here, I’m sure I’m missing a few pieces of information. Any pointers would be helpful.

Upvotes: 2

Views: 727

Answers (1)

cementblocks

Reputation: 4616

When you configure a Lambda function to run in the VPC it uses an ENI that is created with an IP address in one of the subnets you select. Based on the formula for the expected number of ENIs needed, it seems that ENIs can be shared between Lambdas.

There are only two reasons that I know of for running your Lambda in a VPC.

  1. It needs to access resources inside your VPC that do not have a public endpoint, e.g. Redis/Memcached caching clusters (Elasticache) or an RDS/Redshift cluster that doesn't have a public IP (it is a good idea not to have public IPs on databases). When your Lambda runs inside the VPC it uses a private IP and can connect to the private resources in your VPC.
  2. If you need your Lambdas to have a consistent IP address (perhaps for a service that only allows whitelisting of IPs for authentication). This is achieved by using a NAT gateway.

Lambda functions cannot receive inbound connections in any case.

Disadvantages of putting your Lambda in a VPC are:

  1. Slower cold start times, since an ENI might need to be provisioned.
  2. You need a NAT gateway (or VPC endpoint) to access external resources.
  3. You need to manage concurrency and available IP addresses more closely.

Upvotes: 4
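A worked planning check for the two practical points raised in the answer above (ENI/IP capacity and the need for a NAT-gateway route), added here as an example; it is not code from the question or the answer. The subnet IDs, CIDRs and route-table entries are constructed sample data, the ENI count uses the formula quoted in the question (peak concurrency * memory / 3 GB), and the five reserved addresses per subnet and the "Lambda ENIs never get a public IP, so an Internet Gateway route does not give them egress" behaviour are AWS facts the page itself does not state.

```python
import ipaddress
import math

# Constructed sample inventory (hypothetical IDs, not from the original page):
# candidate subnets for the function and the route tables attached to them.
SUBNETS = {
    "subnet-private-a": {"cidr": "10.0.1.0/26", "route_table": "rtb-private"},
    "subnet-private-b": {"cidr": "10.0.2.0/26", "route_table": "rtb-private"},
    "subnet-public-a": {"cidr": "10.0.100.0/24", "route_table": "rtb-public"},
}
ROUTE_TABLES = {
    "rtb-private": {"0.0.0.0/0": "nat-0123"},  # default route via NAT gateway
    "rtb-public": {"0.0.0.0/0": "igw-0123"},   # default route via Internet Gateway
}

# AWS reserves the first four and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5
THREE_GB_IN_MB = 3 * 1024


def projected_enis(peak_concurrency, memory_mb):
    """ENI count from the formula quoted in the question, rounded up."""
    return math.ceil(peak_concurrency * memory_mb / THREE_GB_IN_MB)


def usable_ips(cidr):
    """Addresses in a subnet that an ENI could actually take."""
    net = ipaddress.ip_network(cidr, strict=True)
    return max(net.num_addresses - AWS_RESERVED_PER_SUBNET, 0)


def egress_target(subnet_id):
    """Target of the subnet's default route, or None if it has none."""
    route_table = ROUTE_TABLES[SUBNETS[subnet_id]["route_table"]]
    return route_table.get("0.0.0.0/0")


def check_vpc_config(subnet_ids, peak_concurrency, memory_mb, other_enis_in_use=0):
    """Return (ok, findings) for a proposed Lambda VPC configuration.

    other_enis_in_use: addresses already consumed in those subnets by
    other workloads (RDS, Elasticache, other functions), which the formula
    alone does not account for.
    """
    findings = []

    # 1. Capacity: projected ENIs must fit in the free addresses of the subnets.
    needed = projected_enis(peak_concurrency, memory_mb)
    available = sum(usable_ips(SUBNETS[s]["cidr"]) for s in subnet_ids) - other_enis_in_use
    if needed > available:
        findings.append(
            f"capacity: need {needed} ENIs but only {available} usable IPs "
            f"across {len(subnet_ids)} subnet(s)"
        )

    # 2. Routing: egress must go through a NAT gateway. Lambda ENIs are never
    #    given a public IP, so a default route via an Internet Gateway cannot
    #    reach the internet and cannot provide a consistent source IP.
    for s in subnet_ids:
        target = egress_target(s)
        if target is None:
            findings.append(f"{s}: no default route; function cannot reach anything outside the VPC")
        elif target.startswith("igw-"):
            findings.append(
                f"{s}: public subnet (default route via {target}); Lambda ENIs get no "
                f"public IP, so egress will fail and there is no consistent source IP"
            )
        elif not target.startswith("nat-"):
            findings.append(f"{s}: default route via {target}, not a NAT gateway")

    # 3. Resilience: one subnet means one Availability Zone.
    if len(subnet_ids) < 2:
        findings.append("resilience: only one subnet selected; use at least two AZs")

    return (not findings, findings)


if __name__ == "__main__":
    for subnets, peak, mem in [
        (["subnet-private-a", "subnet-private-b"], 100, 1536),
        (["subnet-private-a", "subnet-private-b"], 300, 1536),
        (["subnet-public-a", "subnet-private-a"], 10, 512),
    ]:
        ok, findings = check_vpc_config(subnets, peak, mem)
        print(subnets, peak, mem, "OK" if ok else findings)
```

Run this against your own subnet and route-table inventory before enabling VPC access: the capacity branch is the "manage concurrency and available IP addresses" disadvantage made concrete, and the routing branch catches the common mistake of attaching the function to a public subnet and expecting internet access.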
