Not able to access internet inside Default AWS VPC from Lambda

Question

Hi I am developing a AWS serverless application, default VPC which has subnets attached with internet gateway. I have configured my lambda function inside default VPC. I am expecting the lambda to have internet connection to it as the subnets are attached with internet gateway. But unfortunately lambda function doesn't have internet access. Can someone help in access internet from lambda in this scenario

Answer 1

The Lambda function within a VPC, particularly within a public subnet, faces limitations in accessing the internet. This is primarily due to the default absence of a public IP for AWS Lambda functions, leading to the rejection of requests by the Internet Gateway.

To address this issue, you can take the following steps:

• Establish a NAT gateway and link it to the public subnet of the VPC.
• Subsequently, create a route table, add a route for the NAT gateway with the target set to the NAT gateway and the destination specified as 0.0.0.0/0.
• Create a subnet and associate it with the newly configured route table.

By implementing these steps, the Lambda function within the public subnet can overcome the inherent lack of public IP and gain the necessary access to the internet.

Reference Links:

• Why can't an AWS lambda function inside a public subnet in a VPC connect to the internet?
• https://repost.aws/knowledge-center/internet-access-lambda-function

Answer 2

In default VPC all subnets are public. This means that even if you have NAT, your lambda will not work. To make it work you have to create a private subnet in your default VPC, setup it route tables to the NAT located in a public subnet, and then place your function in the private subnet.

Answer 3

You can give your VPC Lambda access to connect to the internet using either VPC end points or a NAT gateway like you have setup and is also described here (https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/). However this gives your Lambda access to the internet, it does not work in the other direction ie. give the Lambda access to from the internet side to to your Lambda. For that you need to use an API Gateway that fronts it etc.