Hi,
I'm wanting to establish connectivity to an RDS instance from some Lambda functions. Lambda functions are autodeployed with serverless framework, so ideally my config would be dynamic. I am currently managing infrastructure with CDK, and have the following resources:
- RDS on Private Isolated subnet in VPC A, managed by CDK
- EC2 instance on public subnet in VPC A, managed by CDK (For access to the RDS from the wider internet)
- (Backend) 4 Lambdas without a VPC (Public), behind an API Gateway in default VPC, managed by serverless deploy
- Frontend hosted on S3 behind Cloudfront, managed by serverless deploy
I'm a bit stumped because I don't want to update my CDK script whenever the lambdas change. Help is much appreciated.
Am I ok to put them in the same Private Isolated subnet as the RDS? Otherwise I can create private subnets on the VPC and put them there. How do I then allow access to the RDS?
I think it would be better to attach the functions to different subnets in the same VPC. In the RDS security group reference the Lambda security group to allow access.
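As an added example (not from the question or the answer above), this is how that approach can be wired so the CDK stack never has to change when Lambdas are added. It assumes the CDK stack (hypothetical name `infra-stack`) creates a dedicated `LambdaSecurityGroup` in VPC A, allows ingress from it on the RDS security group (e.g. `dbSg.addIngressRule(lambdaSg, ec2.Port.tcp(5432))`), and exports the security group ID, two private subnet IDs and the DB endpoint as CloudFormation outputs named `LambdaSecurityGroupId`, `PrivateSubnetIdA`, `PrivateSubnetIdB` and `DbEndpointAddress`; serverless then reads those outputs at deploy time with the `${cf:...}` variable source.

```yaml
# serverless.yml (constructed example): attach every function to the
# private subnets of VPC A, using the security group the CDK stack exported.
service: backend

provider:
  name: aws
  runtime: nodejs18.x
  region: eu-west-1
  # ${cf:<stack>.<OutputKey>} resolves a CloudFormation output at deploy time,
  # so a new Lambda picks up the VPC wiring with no change to the CDK stack.
  vpc:
    securityGroupIds:
      - ${cf:infra-stack.LambdaSecurityGroupId}
    subnetIds:
      - ${cf:infra-stack.PrivateSubnetIdA}
      - ${cf:infra-stack.PrivateSubnetIdB}
  environment:
    # Hostname only; keep the DB credential in Secrets Manager or SSM, not here.
    DB_HOST: ${cf:infra-stack.DbEndpointAddress}
  iam:
    role:
      statements:
        # Permissions a VPC-attached function needs to manage its ENIs.
        - Effect: Allow
          Action:
            - ec2:CreateNetworkInterface
            - ec2:DescribeNetworkInterfaces
            - ec2:DeleteNetworkInterface
          Resource: "*"

functions:
  listUsers:
    handler: handler.listUsers
    events:
      - http:
          path: users
          method: get
```

Because the RDS security group only trusts the Lambda security group (not a CIDR), the functions can live in any subnet of VPC A, including the isolated one. Functions in an isolated subnet have no route to the internet, so any call to other AWS APIs (Secrets Manager, for example) needs a VPC interface endpoint or a NAT gateway.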