amazon-vpc

How to let AWS lambda in a VPC to publish SNS notification?

大兔子大兔子 posted on 2019-11-30 17:34:29
I have a lambda function that accesses my Postgres db in RDS via VPC. After it queries the db, I want to post a notification to SNS. Because my lambda function exists in my VPC, it cannot access SNS. I have an internet gateway on my VPC. I read through the VPC endpoint documentation and currently only s3 is supported. Is there any way to publish to SNS in a lambda function in a VPC?

You will need a NAT server running in your VPC to route traffic outside of the VPC. AWS now offers a managed NAT service that makes this easier. UPDATE As of April 2018, SNS supports VPC Endpoints via AWS

Access AWS S3 from Lambda within VPC

回眸只為那壹抹淺笑 posted on 2019-11-30 06:20:38
Overall, I'm pretty confused by using AWS Lambda within a VPC. The problem is Lambda is timing out while trying to access an S3 bucket. The solution seems to be a VPC Endpoint. I've added the Lambda function to a VPC so it can access an RDS hosted database (not shown in the code below, but functional). However, now I can't access S3 and any attempt to do so times out. I tried creating a VPC S3 Endpoint, but nothing has changed. VPC Configuration I'm using a simple VPC created by default whenever I first made an EC2 instance. It has four subnets, all created by default. VPC Route Table

issue in deleting VPC and network interface

蹲街弑〆低调 posted on 2019-11-30 06:00:57
I am trying to delete aws vpc (a non default one). I am getting error that "We could not delete the following VPC (vpc-xxxxxxx (xx.xx.xx.x/16)) Network interface 'eni-xxxxxx' is currently in use. (Service: AmazonEC2; Status Code: 400; Error Code: InvalidParameterValue; Request ID: xxxxxx-dd86-47c8-98cd-xxxxxxxxxxx)". When I tried deleting the related Network Interface, I got error "eni-xxxxxxx: You do not have permission to access the specified resource." There are security groups associated with the NI (network interface). There are subnets associated with the NI. There are no EC2 instances -

Can I specify HTTP endpoint in a VPC as resource in AWS API Gateway?

夙愿已清 posted on 2019-11-30 04:15:35
I have a situation where my product (some Web API) is living inside of a VPC, i.e. with no external access. I'd like to expose part of this API (just a couple of HTTP methods) to be accessible from the internet. I'm trying to achieve this using AWS API Gateway but it looks like I cannot make an internal ELB endpoint the API Gateway resource. Any ideas how I can do this? Thanks, --Vovan

This was originally not possible, and then was solved with support for client certificates that API Gateway could use to authenticate itself to your services. This was a good solution, and is still

Amazon ELB for EC2 instances in private subnet in VPC

余生长醉 posted on 2019-11-29 19:40:46
I'm using Amazon EC2, and I want to put an internet-facing ELB (load balancer) to 2 instances on a private subnet. I am using VPC with public and private subnets. If I just add the private subnet to the ELB, it will not get any connections. If I attach both subnets to the ELB then it can access the instances, but it often will get time-outs. (Refer Screenshot 1) If I attach to only public subnet then my instance attached to ELB gets OutOfService because I do not have any instance in the Public Subnet, instance count shows 0. (Refer Screenshot 2) Screenshot 1: Both subnets attached Screenshot 2

How to connect to outside world from amazon vpc?

佐手、 posted on 2019-11-29 18:43:05
I have amazon VPC set through wizard as "public only network", so all my instances are in public subnet. Instances within VPC that have Elastic IP assigned connect to internet without any troubles. But instances without elastic IP can't connect anywhere. Internet gateway is present. Route table in aws console looks like

Destination    Target
10.0.0.0/16    local
0.0.0.0/0      igw-nnnnn

and route from inside instance shows

Kernel IP routing table
Destination  Gateway   Genmask        Flags  Metric  Ref  Use  Iface
10.0.0.0     *         255.255.255.0  U      0       0    0    eth0
default      10.0.0.1  0.0.0.0        UG     100     0    0    eth0

I tried to open ALL

Connect Lambda to Redshift in Different Availability Zones

允我心安 posted on 2019-11-29 16:50:23
Our Redshift cluster resides in Zone A. When our Lambda function uses a Zone A subnet, it can connect to Redshift. When our Lambda function uses a subnet other than Zone A, it times out. The workaround, where we ALLOW connections for Redshift on port 5439 from 0.0.0.0/0, is not desired. We have our Lambda functions and Redshift cluster in the same VPC. Lambda functions have 4 dedicated subnets (one per zone). Redshift has 4 dedicated subnets per zone as well. Lambda functions have their own security group (SG). The Redshift cluster has its own SG as well. Redshift SG ALLOWs port 5439 from

How to assign EIP to Autoscaling Group of VPC in Cloudformation template

会有一股神秘感。 posted on 2019-11-29 07:17:56
I want to assign one of my reserved Elastic IPs (ec2 classic ip) to Autoscaling group in VPC. Using AWS Cli I moved ip to vpc:

$ aws ec2 move-address-to-vpc --public-ip 23.23.23.23

And saw in aws console, that this IP passed to VPC. And assigned in tags of AutoscalingGroup in Cloudformation template in Resources:

"Process": { "Type" : "AWS::AutoScaling::AutoScalingGroup", "Properties": { "LaunchConfigurationName": {"Ref": "PreprocessorLC"}, "LoadBalancerNames": [{"Ref": "ProcessELB"}], "VPCZoneIdentifier" : [{ "Fn::Join" : [",", [ { "Ref" : "PublicSubnet1"}, { "Ref" : "PublicSubnet2"} ]]}],

issue in deleting VPC and network interface

一曲冷凌霜 posted on 2019-11-29 05:25:10
Question: I am trying to delete aws vpc (a non default one). I am getting error that "We could not delete the following VPC (vpc-xxxxxxx (xx.xx.xx.x/16)) Network interface 'eni-xxxxxx' is currently in use. (Service: AmazonEC2; Status Code: 400; Error Code: InvalidParameterValue; Request ID: xxxxxx-dd86-47c8-98cd-xxxxxxxxxxx)". When I tried deleting the related Network Interface, I got error "eni-xxxxxxx: You do not have permission to access the specified resource." There are security groups associated

Access AWS S3 from Lambda within VPC

独自空忆成欢 posted on 2019-11-29 05:00:07
Question: Overall, I'm pretty confused by using AWS Lambda within a VPC. The problem is Lambda is timing out while trying to access an S3 bucket. The solution seems to be a VPC Endpoint. I've added the Lambda function to a VPC so it can access an RDS hosted database (not shown in the code below, but functional). However, now I can't access S3 and any attempt to do so times out. I tried creating a VPC S3 Endpoint, but nothing has changed. VPC Configuration I'm using a simple VPC created by default