Richard Phelps

Reputation: 13

Issue with VPC attached to Lambda function

I have a Lambda function which connects to an external database (running MySQL) and sends SNS emails after grabbing data from the database.

I have created a VPC with a NAT gateway, 2 subnets and a security group that allows all incoming and outgoing traffic. The reason for creating a VPC to attach to my Lambda function is that I needed an Elastic IP as MySQL needs to authorise all external IPs trying to connect.

Without the VPC, my code works fine, gets the data from the database and sends the SNS emails with no problem. However, when adding the VPC to the Lambda function, neither the MySQL queries work nor does SNS send any emails.

I don't get any errors in CloudWatch Logs or any indication of what may be causing the issue. Anybody know what could be causing this?

Upvotes: 0

Views: 959

Answers (1)

John Rotenstein

Reputation: 270104

For an AWS Lambda function to have Internet access, one of these options is required:

  • Do not select a VPC. The function will be directly connected to the Internet but, contrary to your needs, you will not have an Elastic IP address associated with it.
  • Connect the Lambda function to a private subnet and use a NAT Gateway to connect to the Internet. The Lambda function will appear to come from the IP address of the NAT Gateway.
  • Connect the Lambda function to a public subnet and associate an Elastic IP address to the Elastic Network Interface (ENI) where the Lambda function connects to the subnet. Internet traffic will appear to come from the Elastic IP address.

Upvotes: 2
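
Which of the options in the answer above applies depends on where the default route of each subnet attached to the function points. The following is an added example, not part of the original answer: it classifies subnets from constructed data shaped like `aws ec2 describe-route-tables` output. All IDs and function names are assumptions, and a single VPC is assumed.

```python
# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# Every ID below is made up for illustration.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "GatewayId": "igw-0abc", "State": "active"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-private"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "NatGatewayId": "nat-0def", "State": "active"}]},
]}

def route_table_for(subnet_id, tables):
    """Explicit association wins; otherwise the main route table applies."""
    main = None
    for rt in tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def egress_path(subnet_id, data):
    """Classify how 0.0.0.0/0 leaves the subnet: 'nat', 'igw' or 'none'."""
    rt = route_table_for(subnet_id, data["RouteTables"]) or {}
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") == "blackhole":  # target was deleted
            continue
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "nat"
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
    return "none"

ADVICE = {
    "nat": "private subnet: traffic leaves from the NAT Gateway's IP",
    "igw": "public subnet: the function's ENI needs its own Elastic IP",
    "none": "no usable default route: no path to the Internet",
}

def report(subnet_ids, data):
    """Map each subnet attached to the function to its egress finding."""
    return {s: ADVICE[egress_path(s, data)] for s in subnet_ids}
```
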
