AWS Lambda Function is not assigned to access within VPC

Home
»
AWS Documentation
»
General
»
AWS Lambda Function is not assigned to access within VPC

AWS Lambda Function is not assigned to access within VPC

Description

By default, Lambda runs functions in a secure VPC with access to AWS services and the internet. Lambda owns this VPC, which isn’t connected to the account’s default VPC. Internet access from a private subnet requires Network Address Translation (NAT).

To give your function access to the internet, route outbound traffic to a NAT gateway in a public subnet.

Fix - Buildtime

Terraform

Resource: aws_lambda_function
Argument: vpc_config.subnet_ids
For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC. When you connect a function to a VPC, it can only access resources and the internet through that VPC.
subnet_ids – List of subnet IDs associated with the Lambda function.
Note: If both subnet_ids and security_group_ids are empty then vpc_config is considered to be empty or unset.

resource “aws_lambda_function” “test_lambda” {

…

vpc_config {

// Every subnet should be able to reach an EFS mount target in the same Availability Zone.

// Cross-AZ mounts are not permitted.

+ subnet_ids = [aws_subnet.subnet_for_lambda.id]

security_group_ids = [aws_security_group.sg_for_lambda.id]

}