Reputation: 42576
I have a lambda which needs to call another lambda in the same account. It could be in the same region or multiple regions. The call is a direct lambda call, `invokeLambda`. Neither lambda is in a VPC. I don't know whether the call goes through the internet or stays inside the internal network.
Upvotes: 5
Views: 751
Reputation: 9301
Let's consider you have two lambdas, lambda A and lambda B. Both lambdas are in the "us-east-1" region and the same account "xxxxxxxxx". The only difference is that lambda A is in a VPC and lambda B is non-VPC.
Whenever you are going to talk with another instance in AWS or any other non-AWS resource over a non-VPC component, your call goes to the internet through an "Internet Gateway and NAT instance" or a "NAT Gateway".
In your case also, when you call lambda B inside lambda A's code as "invokeLambda", it will try to call over the internet only. If your security group and subnet do not allow internet connectivity, then it will fail to call lambda B. As said by @Marcin, it uses the public endpoint to connect to lambda.
Note: all AWS resources talk or handshake with each other using AWS ARNs (Amazon Resource Names).
Upvotes: 1
Reputation: 3365
No, it does not. Regions are connected via the AWS backbone network, which is a dedicated web of optical cables that provides a separate connection plane. When a Lambda calls another Lambda, it is intra- or inter-region communication, which does not go to the Internet.
Upvotes: 0
Reputation: 238687
It goes over the internet. And the reason is that your function must invoke a public lambda endpoint:
To connect programmatically to an AWS service, you use an endpoint.
This is the same reason why, if one lambda is in a VPC, it can't invoke the second one without NAT: it can't access the lambda public endpoint.
Upvotes: 2
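An added example, not part of any answer above: a small check a function could run to see what the "public endpoint" the answers mention resolves to from where it executes. It assumes the standard `lambda.<region>.amazonaws.com` hostname; the helper names and the sample addresses are constructed for illustration.

```python
import ipaddress
import socket

# RFC 1918 ranges, i.e. the address space a VPC normally uses.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def lambda_endpoint(region):
    """Regional Lambda API hostname (assumes the standard 'aws' partition)."""
    return f"lambda.{region}.amazonaws.com"

def system_resolver(host):
    """Resolve with the local DNS configuration; needs network access."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def classify_endpoint(region, resolver=system_resolver):
    """Say whether the Invoke endpoint resolves to public or private IPs.

    'public'  : caller needs a route to public addresses (IGW or NAT).
    'private' : the name resolves inside private address space.
    'mixed'   : both kinds were returned.
    'unresolved' : DNS lookup failed or returned nothing.
    """
    host = lambda_endpoint(region)
    try:
        addrs = resolver(host)
    except OSError:  # socket.gaierror is a subclass of OSError
        addrs = []
    if not addrs:
        kind = "unresolved"
    else:
        private = [a for a in addrs if is_rfc1918(a)]
        kind = ("private" if len(private) == len(addrs)
                else "mixed" if private else "public")
    return {"host": host, "addresses": addrs, "kind": kind}

if __name__ == "__main__":
    # Constructed resolver output so the demo runs offline.
    print(classify_endpoint("us-east-1", lambda h: ["203.0.113.10"]))
    print(classify_endpoint("us-east-1", lambda h: ["10.0.12.34"]))
```

A "public" result only describes the destination address; it does not by itself show which network path the packets take.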