Why can I call an on-VPC aws lambda from an off-VPC aws lambda but not vice versa?

Submitted by 流过昼夜 on 2020-08-01 03:20:12

Question


So if I have two lambdas, one inside a private VPC, and one not on a VPC, calling the private lambda from inside the public lambda works but I can't call the public from the private lambda.

There's no NAT setup.

Why is this? It seems that I should not be able to call the private from the public theoretically.


Answer 1:


In order to trigger a Lambda function, all that's required is for the caller to have outbound access to the Invoke AWS API. It is not necessary for the invoked Lambda function to have any open inbound ports, or any public Internet access.

So a public (non-VPC, has Internet access) Lambda function can call the Invoke API to trigger the private Lambda function, but the private VPC (no Internet access) Lambda function cannot access the Invoke API to trigger any Lambda function.




Answer 2:


To solve this issue you may configure the lambda inside the VPC to have internet access. This article explains how to set up this configuration.
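
An added example, not part of either answer or of the linked article: an offline check of whether a VPC-attached function's subnet has any outbound path to the Invoke API, run over dicts shaped like the EC2 `describe_route_tables` and `describe_vpc_endpoints` responses. The function names and all IDs are constructed, and the interface VPC endpoint for Lambda is an alternative to NAT that the answers do not mention.

```python
# Added example. route_tables are assumed to be those of the function's VPC.
# All IDs are constructed. Security groups and NACLs are not modelled.

def route_table_for(subnet_id, route_tables):
    """Explicitly associated route table, else the VPC's main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def invoke_api_path(subnet_id, vpc_id, route_tables, vpc_endpoints, region):
    """Return 'vpc-endpoint', 'nat' or None (no outbound path to Invoke)."""
    service = f"com.amazonaws.{region}.lambda"
    for ep in vpc_endpoints:
        if (ep.get("VpcId") == vpc_id and ep.get("ServiceName") == service
                and ep.get("VpcEndpointType") == "Interface"
                and ep.get("State", "").lower() == "available"
                and ep.get("PrivateDnsEnabled")):  # default SDK hostname resolves privately
            return "vpc-endpoint"
    rt = route_table_for(subnet_id, route_tables) or {}
    for route in rt.get("Routes", []):
        # Only an active default route through a NAT gateway counts: Lambda
        # ENIs have no public IP, so an igw-* default route is not enough.
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and route.get("State", "active") == "active"
                and route.get("NatGatewayId")):
            return "nat"
    return None

ROUTE_TABLES = [  # constructed sample data for one VPC ("vpc-a")
    {"Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"Associations": [{"SubnetId": "subnet-nat"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
    {"Associations": [{"SubnetId": "subnet-igw"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"Associations": [{"SubnetId": "subnet-dead"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0gone",
                 "State": "blackhole"}]},
]
ENDPOINTS = [{"VpcId": "vpc-b", "ServiceName": "com.amazonaws.us-east-1.lambda",
              "VpcEndpointType": "Interface", "State": "available",
              "PrivateDnsEnabled": True}]
```

A `None` result corresponds to the situation in the question: the private function's SDK call to Invoke has nowhere to go and times out.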



Source: https://stackoverflow.com/questions/41559577/why-can-i-call-an-on-vpc-aws-lambda-from-an-off-vpc-aws-lambda-but-not-vice-vers
