Reputation: 367
I have a Lambda function which can be triggered from an API gateway or ALB request. I also have an RDS Aurora PostgreSQL instance, both of which are running within a VPC.
I'm able to connect to the RDS instance from the Lambda just fine; however, I can't access the internet, e.g. attempting to fire off a request to https://jsonplaceholder.typicode.com/todos/1 will cause a timeout.
I also can't connect to the remote database using a SQL client such as DBeaver.
Here's some detail below but let me know if you need anything else. I'm stumped.
Lambda Inbound Rules
Security group ID       Ports   Source
sg-0f2c4426c8fc85235    80      0.0.0.0/0
sg-0f2c4426c8fc85235    5432    0.0.0.0/0
sg-0f2c4426c8fc85235    All     sg-0f2c4426c8fc85235
sg-0f2c4426c8fc85235    22      0.0.0.0/0
sg-0f2c4426c8fc85235    443     0.0.0.0/0
Lambda Outbound Rules
Security group ID       Ports   Destination
sg-0f2c4426c8fc85235    All     0.0.0.0/0
[screenshot: RDS Connectivity]
[screenshot: VPC]
[screenshot: Public Subnet]
[screenshot: Private Subnet]
EDITS
[screenshot: NAT Gateway (associated with public subnet)]
[screenshot: Route Tables]
[screenshot: Route Table Routes]
EDIT 2
[screenshot: Lambda Subnets]
Upvotes: 5
Views: 2822
Reputation: 367
A mixture of two things, I think. 1: as was pointed out, the Lambda should only be connected to private subnets.
I think I'd also mixed up the availability zones between the public and private subnets?
Anyway, the Lambda is now successfully connecting to RDS, hitting external APIs and I can also connect through DBeaver.
Thanks a lot.
Upvotes: 2
Reputation: 269826
The Lambda function should only be connected to a private subnet.
This enables Internet-bound traffic to be routed to the NAT Gateway in the public subnet.
If the Lambda function connects to the public subnet, it will be unable to reach the Internet.
Upvotes: 9
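The rule stated in this answer (and confirmed in the asker's own follow-up) can be checked mechanically from the VPC's route tables: a Lambda subnet must resolve its 0.0.0.0/0 route to a NAT gateway, and that NAT gateway must sit in a subnet whose 0.0.0.0/0 route goes to an internet gateway. The script below is an added example, not code from either poster. It walks the same data structures that EC2's DescribeRouteTables and DescribeNatGateways return (the `RouteTables`, `Routes`, `Associations`, `NatGateways` keys are the real response shape), but the VPC, subnet, gateway and route table IDs are constructed for the example so it runs offline; to use it for real, feed it `ec2.describe_route_tables()["RouteTables"]` and `ec2.describe_nat_gateways()["NatGateways"]` from boto3 plus the subnet IDs from the Lambda's VPC config.

```python
"""Classify VPC subnets by their default route and check Lambda subnet placement.

Rule being checked (from the answer above):
  - a Lambda subnet must be "private": 0.0.0.0/0 -> NAT gateway
  - that NAT gateway must live in a "public" subnet: 0.0.0.0/0 -> internet gateway
A Lambda ENI never gets a public IP, so a subnet whose default route points at an
IGW can reach in-VPC targets (like RDS) but times out on any internet address.
"""

DEFAULT_ROUTE = "0.0.0.0/0"

# Constructed sample data in the DescribeRouteTables / DescribeNatGateways shape.
# All IDs are made up for this example.
VPC_ID = "vpc-0example0000000001"
ROUTE_TABLES = [
    {   # main route table: local only, implicitly used by unassociated subnets
        "RouteTableId": "rtb-0main000000000001", "VpcId": VPC_ID,
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
        "Associations": [{"Main": True}],
    },
    {   # public subnet: default route to the internet gateway
        "RouteTableId": "rtb-0public00000000001", "VpcId": VPC_ID,
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                   {"DestinationCidrBlock": DEFAULT_ROUTE, "GatewayId": "igw-0example000000001", "State": "active"}],
        "Associations": [{"SubnetId": "subnet-0public0000000001"}],
    },
    {   # private subnet: default route to the NAT gateway
        "RouteTableId": "rtb-0private0000000001", "VpcId": VPC_ID,
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                   {"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": "nat-0example000000001", "State": "active"}],
        "Associations": [{"SubnetId": "subnet-0private000000001"}],
    },
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-0example000000001", "SubnetId": "subnet-0public0000000001", "State": "available"}]
ISOLATED_SUBNET = "subnet-0isolated00000001"  # no explicit association -> main table -> no default route


def default_route_target(route_table):
    """Return the target of the active 0.0.0.0/0 route in a route table, or None."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != DEFAULT_ROUTE or route.get("State", "active") != "active":
            continue
        for key in ("GatewayId", "NatGatewayId", "TransitGatewayId", "NetworkInterfaceId", "InstanceId"):
            if route.get(key):
                return route[key]
    return None


def subnet_default_targets(route_tables, vpc_id):
    """Map subnet id -> default-route target for explicit associations, plus the main table's target.

    EC2 uses the VPC's main route table for any subnet without an explicit association.
    """
    explicit, main_target = {}, None
    for rt in route_tables:
        if rt.get("VpcId") != vpc_id:
            continue
        target = default_route_target(rt)
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main_target = target
            elif assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = target
    return explicit, main_target


def classify(target):
    """'public' (IGW), 'private-nat' (NAT gateway), 'isolated' (no default route) or 'other'."""
    if target is None:
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private-nat"
    return "other"


def check_lambda_subnets(lambda_subnet_ids, route_tables, nat_gateways, vpc_id):
    """Return a list of findings; an empty list means every Lambda subnet satisfies the rule."""
    explicit, main_target = subnet_default_targets(route_tables, vpc_id)
    target_of = lambda sid: explicit.get(sid, main_target)
    nat_subnet = {ngw["NatGatewayId"]: ngw["SubnetId"] for ngw in nat_gateways}
    findings = []
    for sid in lambda_subnet_ids:
        kind = classify(target_of(sid))
        if kind == "public":
            findings.append(f"{sid}: public subnet (default route via IGW); Lambda ENIs have no public IP, internet traffic will time out")
        elif kind == "isolated":
            findings.append(f"{sid}: no 0.0.0.0/0 route; only in-VPC destinations such as RDS are reachable")
        elif kind == "private-nat":
            ngw = target_of(sid)
            ngw_subnet = nat_subnet.get(ngw)
            if ngw_subnet is None:
                findings.append(f"{sid}: default route points at unknown NAT gateway {ngw}")
            elif classify(target_of(ngw_subnet)) != "public":
                findings.append(f"{sid}: NAT gateway {ngw} is in {ngw_subnet}, which is not a public subnet")
        else:
            findings.append(f"{sid}: default route target {target_of(sid)} is neither an IGW nor a NAT gateway")
    return findings


if __name__ == "__main__":
    for subnets in (["subnet-0private000000001"], ["subnet-0public0000000001"], [ISOLATED_SUBNET]):
        print(subnets, "->", check_lambda_subnets(subnets, ROUTE_TABLES, NAT_GATEWAYS, VPC_ID) or "OK")
```

The private-subnet case returns no findings, the public-subnet case reports the exact symptom in the question (RDS reachable, internet times out), and a subnet left on the main route table is reported as isolated. Note that the check is purely about routing; security group rules, which are stateful and only filter, cannot cause the timeout described here.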