AWS Lambda Function with VPC only works when in Private Subnet

久未见 submitted on 2020-12-15 06:02:31

Question


I have been working on integrating an Amazon Lambda function with connection to an RDS for the MySQL DB and an external API. To access the API, there needed to be an internet gateway and then security groups that allowed connection from 0.0.0.0/0.

I have a public subnet and a private subnet. The public subnet routes to the internet gateway but the private subnet routes to a NAT.

This led me to think that if I ran the Lambda function with the public subnet, it would connect to the internet. However, every time it timed out. But, when I ran the Lambda function from within the private subnet, it worked! So the NAT seems to work since that is what the private subnet was associated with, but just using the internet gateway does not work.

Does anyone have any explanation for this?


Answer 1:


For an Amazon Lambda function to connect to the Internet, ONE of the following is required:

  • The Lambda function is not connected to a VPC, OR
  • The Lambda function is connected to a private subnet and there is a NAT Gateway/NAT Instance configured, OR
  • The Lambda function is connected to a public subnet and an Elastic IP address is assigned to the Elastic Network Interface (ENI) being used by the Lambda function in the subnet

Merely connecting a Lambda function to a public subnet (without an EIP) will not provide Internet access.
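The three cases in the answer can be checked against a VPC's route tables. The following is an added example, not part of the original answer: it classifies each subnet a Lambda function is attached to, taking input shaped like the `RouteTables` list returned by boto3's `describe_route_tables`. The function names, subnet IDs and gateway IDs are constructed for illustration, and a default route targeting an `InstanceId` is assumed to be a NAT instance.

```python
# Constructed sample shaped like boto3 ec2.describe_route_tables()["RouteTables"];
# every ID below is made up for illustration.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-public", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-private", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
    {"RouteTableId": "rtb-main",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]


def default_route(subnet_id, route_tables):
    """Return the 0.0.0.0/0 route that applies to subnet_id, or None."""
    explicit = [rt for rt in route_tables
                if any(a.get("SubnetId") == subnet_id for a in rt.get("Associations", []))]
    main = [rt for rt in route_tables
            if any(a.get("Main") for a in rt.get("Associations", []))]
    # A subnet with no explicit association falls back to the VPC's main route table.
    table = (explicit or main or [None])[0]
    if table is None:
        return None
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route
    return None


def lambda_egress(subnet_ids, route_tables, eni_has_eip=False):
    """Classify each subnet of a VPC-attached Lambda function per the answer's cases."""
    result = {}
    for sid in subnet_ids:
        route = default_route(sid, route_tables) or {}
        if route.get("NatGatewayId") or route.get("InstanceId"):  # NAT gateway / NAT instance (assumed)
            result[sid] = "internet via NAT"
        elif str(route.get("GatewayId", "")).startswith("igw-"):
            # Public subnet: the Lambda ENI has only a private IP unless an EIP is attached.
            result[sid] = ("internet via EIP on ENI" if eni_has_eip
                           else "no internet: public subnet, ENI has no EIP")
        else:
            result[sid] = "no internet: no default route"
    return result
```
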



Source: https://stackoverflow.com/questions/51680930/aws-lambda-function-with-vpc-only-works-when-in-private-subnet
