Reputation: 3866
I have a Lambda function in AWS inside a VPC. I want to attach an HTTP handler (function URL).
The problem is, if I enable the function URL then it creates a public endpoint.
Alternatives I don't want to use
Is there a way to create an AWS Lambda function URL that is accessible only within the VPC, without involving the AWS SDK (like wget URL)?
Upvotes: 10
Views: 8155
Reputation: 764
It's a bit late, but nonetheless, the Function URL is always public, and there is no way to make it private as the documentation states (at least at the time of posting this):
"You can access your function URL through the public Internet only. While Lambda functions do support AWS PrivateLink, function URLs do not."
You can find more information here https://docs.aws.amazon.com/lambda/latest/dg/lambda-urls.html.
There is another way to invoke the Lambda function privately from a VPC, using VPC Lattice, but this is meant for architectures where you have several services and not an ad-hoc Lambda. However, nothing prevents you from using it for just one Lambda.
Hope it helps.
Upvotes: 4
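A check that follows from the answer above, added here as an example (not code from the thread): because a function URL is reachable from the public Internet even when the function is attached to a VPC, this Python script cross-references function URL configurations with each function's VPC attachment and ranks what it finds. It assumes input shaped like the `Functions` items from `aws lambda list-functions` and the `FunctionUrlConfigs` items from `aws lambda list-function-url-configs`; the sample records are constructed and the severity ranking is this example's own.

```python
# Constructed sample data (not from a real account), shaped like AWS CLI output.
ARN = "arn:aws:lambda:eu-west-1:111122223333:function:"
SAMPLE_FUNCTIONS = [
    {"FunctionArn": ARN + "orders-api", "VpcConfig": {"VpcId": "vpc-0a1b2c3d"}},
    {"FunctionArn": ARN + "report-gen", "VpcConfig": {"VpcId": "vpc-0a1b2c3d"}},
    {"FunctionArn": ARN + "public-hook", "VpcConfig": {"VpcId": ""}},
    {"FunctionArn": ARN + "internal-worker", "VpcConfig": {"VpcId": "vpc-0a1b2c3d"}},
]
SAMPLE_URL_CONFIGS = [
    {"FunctionArn": ARN + "public-hook", "AuthType": "NONE",
     "FunctionUrl": "https://constructed-1.lambda-url.eu-west-1.on.aws/"},
    {"FunctionArn": ARN + "report-gen:live", "AuthType": "AWS_IAM",
     "FunctionUrl": "https://constructed-2.lambda-url.eu-west-1.on.aws/"},
    {"FunctionArn": ARN + "orders-api", "AuthType": "NONE",
     "FunctionUrl": "https://constructed-3.lambda-url.eu-west-1.on.aws/"},
]
SEVERITY_ORDER = ["HIGH", "MEDIUM", "LOW", "INFO"]  # this example's own ranking


def base_arn(arn):
    """Drop a version/alias qualifier so URL configs match list-functions ARNs."""
    return ":".join(arn.split(":")[:7])


def audit_function_urls(functions, url_configs):
    """Return one finding per function URL, most severe first."""
    vpc_of = {base_arn(f["FunctionArn"]): (f.get("VpcConfig") or {}).get("VpcId") or None
              for f in functions}
    findings = []
    for cfg in url_configs:
        vpc_id = vpc_of.get(base_arn(cfg["FunctionArn"]))
        open_auth = cfg.get("AuthType") == "NONE"  # Lambda does no IAM auth on the URL
        if open_auth:
            # Unauthenticated URL; worse when the function sits inside a VPC.
            severity = "HIGH" if vpc_id else "MEDIUM"
        else:
            # IAM-authenticated, but the endpoint itself is still public.
            severity = "LOW" if vpc_id else "INFO"
        findings.append({"function": cfg["FunctionArn"], "url": cfg["FunctionUrl"],
                         "vpc": vpc_id, "auth": cfg.get("AuthType"), "severity": severity})
    return sorted(findings, key=lambda f: SEVERITY_ORDER.index(f["severity"]))


if __name__ == "__main__":
    for f in audit_function_urls(SAMPLE_FUNCTIONS, SAMPLE_URL_CONFIGS):
        print(f'{f["severity"]:6} {f["function"]} vpc={f["vpc"]} auth={f["auth"]} {f["url"]}')
```

VPC-attached functions with no function URL (here `internal-worker`) produce no finding.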
Reputation: 2203
I looked into this for a similar use-case; eventually I went with a direct Lambda Invoke from the SDK, using the RequestResponse InvocationType to obtain the response payload. This suited my needs, but it might not suit your case.
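    // Needs the AWSSDK.Lambda package (using Amazon.Lambda; using Amazon.Lambda.Model;).
    // lambdaClient is an AmazonLambdaClient; data is the request payload string.
    InvokeResponse response = await lambdaClient.InvokeAsync(new InvokeRequest
    {
        FunctionName = "LambdaFunctionName",
        // RequestResponse invokes synchronously and returns the function's response payload.
        InvocationType = InvocationType.RequestResponse,
        Payload = data
    });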
Upvotes: 4
Reputation: 91
In our org, we ended up going with an internal-only ALB and we enabled MultiValueQueryStringParameters to pass data into the Lambda function and to execute it. This is the only way I could find to provide an internal-only URL that I could further protect with a security group. I couldn't figure out how to make Lambda URLs internal-only.
Upvotes: 2