I'm going to walk you through the steps for setting up an AWS Lambda function to talk to both the internet and a VPC. Let's dive in.
So it might be really unintuitive at first, but Lambda functions have three networking states:
- No VPC, where it can talk openly to the web, but can't talk to any of your AWS services.
- VPC, the default setting, where the Lambda function can talk to your AWS services but can't talk to the web.
- VPC with NAT, the best of both worlds: AWS services and the web.
I'm gonna walk you through the steps to set up number 3.
Note: This tutorial isn't exactly in order of steps; you may need to create one thing (subnet, NAT, route table), then go back into the settings for something previously created and edit it to use the newly created thing.
VPC Dashboard > Subnets
This is what I had to start with: my existing VPC that I wanted to connect to already had 4 subnets. Here I noticed I had a couple of subnets already set up. Below is a totally fake IP range I pulled from the internet, but the pattern of increments of 16 is recreated here.
Note: DO NOT use 131.179.0.0/16; it's just an example.
VPC | CIDR |
---|---|
vpc-████████ (131.179.0.0/16) | 131.179.0.0/20 |
vpc-████████ (131.179.0.0/16) | 131.179.16.0/20 |
vpc-████████ (131.179.0.0/16) | 131.179.32.0/20 |
vpc-████████ (131.179.0.0/16) | 131.179.48.0/20 |
Here I created four new subnets.
VPC | CIDR | name |
---|---|---|
vpc-████████ (131.179.0.0/16) | 131.179.64.0/20 | lambda-subnet-point-to-nat-1 |
vpc-████████ (131.179.0.0/16) | 131.179.80.0/20 | lambda-subnet-point-to-nat-2 |
vpc-████████ (131.179.0.0/16) | 131.179.96.0/20 | lambda-subnet-point-to-nat-3 |
vpc-████████ (131.179.0.0/16) | 131.179.112.0/20 | lambda-subnet-point-to-igw |
Note: Here igw stands for Internet Gateway and nat stands for network address translation gateway (NAT Gateway).
Three of them will point to the nat and one points to the igw.
Let's create the Route Tables now.
VPC Dashboard > Route Tables
You're going to want to set up two Route Tables.
One that points to your nat; let's call this lambda-rt-to-nat:
Destination | Target |
---|---|
131.179.0.0/16 | local |
0.0.0.0/0 | nat-█████████████████ |
One that points to your igw; let's call this lambda-rt-to-igw:
Destination | Target |
---|---|
131.179.0.0/16 | local |
0.0.0.0/0 | igw-████████ |
You're going to want to go into each of the subnets and assign them to their corresponding route table.
subnet name | route table name |
---|---|
lambda-subnet-point-to-nat-1 | lambda-rt-to-nat |
lambda-subnet-point-to-nat-2 | lambda-rt-to-nat |
lambda-subnet-point-to-nat-3 | lambda-rt-to-nat |
lambda-subnet-point-to-igw | lambda-rt-to-igw |
Lambda > Functions > my-function > Configuration > Advanced Settings
Now you want to set up your Lambda function to use the subnets you created. Set up your Lambda to use your VPC.
VPC
vpc-████████ (131.179.0.0/16)
Here you set up Lambda to use the subnets that point directly to your nat.
Subnets*
subnet name |
---|
lambda-subnet-point-to-nat-1 |
lambda-subnet-point-to-nat-2 |
lambda-subnet-point-to-nat-3 |
VPC Dashboard > NAT Gateways > Create NAT Gateway
You're going to want to click Create NAT Gateway, set the Subnet* to lambda-subnet-point-to-igw, and Create New EIP.
That should be it! Your Lambda should be able to talk to both the VPC and the web through a NAT! Comment below if you need help or want to clarify anything here!
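As an added check (not part of the original post), here is a small Python audit of the layout above against the two rules the tutorial relies on: the NAT gateway must sit in the subnet whose route table points at the igw, and every subnet attached to the function must route 0.0.0.0/0 to the nat (a leftover subnet without that route, or one routed straight to the igw, leaves the function unable to reach the web). The sample data is constructed to mirror the tables above; the gateway IDs are placeholders and the extra "old-private-subnet" and "main" route table are assumptions standing in for pre-existing resources.

```python
import ipaddress

# Constructed sample mirroring the tutorial's tables; "nat-PLACEHOLDER"/"igw-PLACEHOLDER"
# stand in for the real gateway IDs, and "old-private-subnet" is an assumed pre-existing subnet.
LAMBDA_SUBNETS = [f"lambda-subnet-point-to-nat-{i}" for i in (1, 2, 3)]
SUBNETS = {  # subnet name -> CIDR
    "lambda-subnet-point-to-nat-1": "131.179.64.0/20",
    "lambda-subnet-point-to-nat-2": "131.179.80.0/20",
    "lambda-subnet-point-to-nat-3": "131.179.96.0/20",
    "lambda-subnet-point-to-igw": "131.179.112.0/20",
    "old-private-subnet": "131.179.0.0/20",
}
ROUTE_TABLES = {  # route table name -> {destination: target}
    "lambda-rt-to-nat": {"131.179.0.0/16": "local", "0.0.0.0/0": "nat-PLACEHOLDER"},
    "lambda-rt-to-igw": {"131.179.0.0/16": "local", "0.0.0.0/0": "igw-PLACEHOLDER"},
    "main": {"131.179.0.0/16": "local"},
}
ASSOCIATIONS = {s: "lambda-rt-to-nat" for s in LAMBDA_SUBNETS}  # subnet -> route table
ASSOCIATIONS.update({"lambda-subnet-point-to-igw": "lambda-rt-to-igw", "old-private-subnet": "main"})
NAT_SUBNET = "lambda-subnet-point-to-igw"


def default_target(subnet, route_tables, associations):
    """Target of the subnet's 0.0.0.0/0 route, or None if its route table has none."""
    table = associations.get(subnet)
    return route_tables.get(table, {}).get("0.0.0.0/0") if table else None


def audit(lambda_subnets, nat_subnet, subnets=SUBNETS,
          route_tables=ROUTE_TABLES, associations=ASSOCIATIONS):
    """Return findings; an empty list means the layout matches the tutorial."""
    findings = []
    seen = {}
    for name, cidr in subnets.items():  # the /20 blocks must not overlap
        net = ipaddress.ip_network(cidr)
        for other, other_net in seen.items():
            if net.overlaps(other_net):
                findings.append(f"{name}: {cidr} overlaps {other}")
        seen[name] = net
    # The NAT gateway needs a public subnet: one whose default route is the IGW.
    if not (default_target(nat_subnet, route_tables, associations) or "").startswith("igw-"):
        findings.append(f"{nat_subnet}: NAT gateway subnet must route 0.0.0.0/0 to an igw")
    for name in lambda_subnets:  # every function subnet must reach the web via the NAT
        target = default_target(name, route_tables, associations)
        if target is None:
            findings.append(f"{name}: no default route, calls to the web will hang and time out")
        elif target.startswith("igw-"):
            findings.append(f"{name}: routes straight to the igw, but Lambda ENIs have no public IP")
    return findings
```

Run `audit(LAMBDA_SUBNETS, NAT_SUBNET)` for the tutorial's layout and `audit(LAMBDA_SUBNETS + ["old-private-subnet"], NAT_SUBNET)` to see the finding you get when an old subnet without a nat route is left attached to the function.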
Thanks a lot. This is the only method that worked.
But there is one issue that I am facing now. I am not able to access the RDS from my local machine.
I had an Aurora RDS (MySQL 5.6 compatible) running on this same VPC that I configured for Lambda after following this guide. But after configuration, I couldn't connect to MySQL anymore. My IP address is in the security group. I tried allowing public access in the security group but still no success. Restarted my machine, tried again, still couldn't connect. I think there is some issue with subnets.
One thing that (I think) I did differently from the mentioned steps was that the VPC was originally attached to a routing table that was attached to an IGW. I tried attaching a new routing table to the VPC but couldn't do so, so I modified that routing table, removed the existing IGW from that table and linked that table with the NAT as suggested in this guide above.
I tried tweaking around but couldn't connect to MySQL from my machine. The Lambda function seems to work fine though.
Do let me know if anyone can help.
Thank You.
Update:
Ok so I figured it out myself. My Lambda function already had 3 subnets attached to it. I followed the above guide and attached three more subnets as told in the guide above. But I didn't remove the already existing ones. These were the main culprit.
So I removed those three and everything started working beautifully.