Hongli Bu

Reputation: 561

Difference between AWS ENI (Elastic Network Interface) and NAT Gateway in Route Table Configuration

I am now trying to configure a route table for a private subnet, and I have configured an AWS Lambda function with these subnets. When I use an ENI, I receive an SSL error (violation of protocol) when trying to make an API call over the Internet (like a call to the ServiceNow API). When I use NAT, it works.

I investigated for a while, but I am still confused about when we should use ENI (or NAT). What is the difference?

Upvotes: 3

Views: 4890

Answers (1)

John Rotenstein

Reputation: 269901

When an AWS Lambda function is not connected to a VPC, it has direct access to the Internet.

When an AWS Lambda function is connected to a VPC, and requires access to the Internet, then the configuration should be:

  • Associate the Lambda function with a private subnet in the VPC
  • Create a NAT Gateway in a public subnet
  • Configure the Route Table for the private subnet to route 0.0.0.0/0 traffic to the NAT Gateway

You probably received the error because the Lambda function was unable to reach the endpoint on the Internet. I don't know why you specifically received an "SSL Error".

An Elastic Network Interface (ENI) is the virtual network connection between a resource (e.g. an AWS Lambda function) and a VPC. Think of it like a 'network card' that connects it to the network.

A NAT Gateway is a service that does IP address translation. It accepts the local traffic and sends it to the Internet, also passing back responses. It enables Internet access from private subnets while preventing inbound access to the private subnet.

Upvotes: 4
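A check of the route-table configuration described in this answer, written here as an added example (not code from the question or the answer). It parses a constructed sample shaped like `aws ec2 describe-route-tables` output, with placeholder IDs, and reports for each subnet attached to the Lambda function whether the 0.0.0.0/0 route goes to a NAT Gateway, an Internet Gateway, or nowhere; the function and sample names are assumptions.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables`; all IDs are placeholders.
SAMPLE_ROUTE_TABLES = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-private-EXAMPLE",
   "Associations": [{"SubnetId": "subnet-private-a", "Main": false}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE", "State": "active"}]},
  {"RouteTableId": "rtb-public-EXAMPLE",
   "Associations": [{"SubnetId": "subnet-public-a", "Main": false}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"}]},
  {"RouteTableId": "rtb-main-EXAMPLE",
   "Associations": [{"Main": true}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]}
]}
""")["RouteTables"]


def route_table_for_subnet(subnet_id, route_tables):
    """An explicit subnet association wins; otherwise the VPC's main route table applies."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt.get("Associations", [])):
            return rt
    for rt in route_tables:
        if any(a.get("Main") for a in rt.get("Associations", [])):
            return rt
    return None


def classify_egress(subnet_id, route_tables):
    """'nat': private subnet routed through a NAT Gateway (what the answer calls for).
    'igw': default route to an Internet Gateway, i.e. a public subnet, not a private one.
    'none': no active default route, so Internet endpoints are unreachable."""
    rt = route_table_for_subnet(subnet_id, route_tables)
    if rt is None:
        return "none"
    for r in rt.get("Routes", []):
        if r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("State") == "active":
            if r.get("NatGatewayId", "").startswith("nat-"):
                return "nat"
            if r.get("GatewayId", "").startswith("igw-"):
                return "igw"
    return "none"


def check_lambda_subnets(subnet_ids, route_tables):
    """Map each subnet in the function's VPC config (SubnetIds) to its egress class."""
    return {s: classify_egress(s, route_tables) for s in subnet_ids}
```

Any subnet that does not come back as 'nat' is one where the Lambda function will time out reaching the Internet, which is the symptom the question describes.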
