AWS Lambda VPN Connection Testing


Hello! Please, I do want to ask how to test an AWS Lambda function via a site-to-site VPN connection. The Lambda functions are within the VPC that the VPN is connected to. I was only able to find material for testing an EC2 instance over a VPN connection. We are completely serverless and as such only have Lambda functions in the environment. The VPN connection is between AWS and an on-prem environment. I have tested the connection with an EC2 instance via ICMP by pinging the remote IP address of the instance and it worked, but I need to test it for a Lambda function. I would appreciate some guidance on how to test whether the VPN is working or not for a Lambda function. Thank you

3 Answers

Hi, follow the steps below for your query.

  1. Choose VPN Simulation Tool: Decide on a VPN simulation tool to use. OpenVPN and StrongSwan are popular choices for simulating VPN connections. For this example, let's use OpenVPN.

  2. Launch EC2 Instance for OpenVPN Server:

  • Launch an EC2 instance in your AWS VPC to serve as the OpenVPN server.
  • Choose an appropriate instance type and Amazon Machine Image (AMI) for the EC2 instance. A small instance size should be sufficient for testing purposes.
  • Assign the EC2 instance to a security group that allows inbound traffic on the OpenVPN port (usually UDP port 1194).

  3. Install and Configure OpenVPN:

  • Connect to the EC2 instance via SSH.
  • Install OpenVPN on the EC2 instance following the documentation for your operating system.
  • Initialize the OpenVPN configuration and generate client certificates for your Lambda function to authenticate with the VPN server. Follow the OpenVPN documentation for detailed instructions on configuring server and client certificates.

  4. Update Security Group Rules:

  • Update the security group associated with the OpenVPN server EC2 instance to allow inbound traffic on the OpenVPN port (UDP port 1194) from your Lambda function's subnet or IP range.

  5. Update Lambda Function Code:

  • Modify your Lambda function code to include the necessary logic to establish a VPN connection using the OpenVPN client.
  • Include code to authenticate with the OpenVPN server using the client certificate generated in step 3.
  • Update the Lambda function code to interact with resources within the VPN-connected network, such as making API calls to services or accessing databases.

  6. Test the Lambda Function:

  • Deploy the updated Lambda function code to AWS.
  • Invoke the Lambda function and observe its behavior.
  • Check the function's logs in AWS CloudWatch for any errors or diagnostic information related to the VPN connection.
  • Monitor the function's execution results to ensure it successfully interacts with resources within the VPN-connected network.

  7. Cleanup:

  • Once testing is complete, remember to terminate the EC2 instance serving as the OpenVPN server to avoid incurring unnecessary costs.
  • Optionally, remove any client certificates and configurations generated for testing purposes.
answered a month ago


Do you want to confirm that you can communicate from your Lambda function to on-premises?
Lambda does not allow ICMP communication, so communication cannot be confirmed using ping, etc.
Therefore, it may be a good idea to check SSH connectivity or perform HTTP communication from Lambda to on-premises equipment.

answered a month ago
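A concrete way to do what the answer above suggests, as an added example that is not part of the original thread: a Lambda handler that probes on-premises hosts with plain TCP connects instead of ICMP. The useful part is reading the failure mode. A completed handshake or a "connection refused" both mean the packet crossed the tunnel and an RST or SYN-ACK came back, so routing, the Lambda security group's egress rules, the subnet NACLs and the on-prem firewall are all fine (refused just means nothing listens on that port). A timeout means no reply at all, which points at the VPC route table not sending the on-prem CIDR to the VGW/TGW, security group or NACL egress, the on-prem firewall, or the tunnel itself being down. The target addresses, ports and environment variable names are assumptions for illustration; the loopback listener in `local_self_test` is a constructed stand-in for an on-prem host so the module can be exercised offline.

```python
"""Probe on-premises hosts from a VPC-attached Lambda over a Site-to-Site VPN.

Added example, not code from the original thread. Deploy with the function
attached to the private subnets whose route table sends the on-prem CIDR to
the VGW/TGW, and allow outbound TCP to the probed ports in its security group.
"""
import json
import os
import socket
import time

# Hypothetical defaults; override with environment variables on the function.
DEFAULT_TARGETS = os.environ.get("VPN_TEST_TARGETS", "10.10.0.5:22,10.10.0.10:443")
CONNECT_TIMEOUT = float(os.environ.get("VPN_TEST_TIMEOUT", "3"))


def parse_targets(spec):
    """'host:port,host:port' -> [(host, port), ...]; blank entries are skipped."""
    targets = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        host, _, port = item.rpartition(":")
        targets.append((host, int(port)))
    return targets


def check_tcp(host, port, timeout=CONNECT_TIMEOUT):
    """Attempt one TCP handshake and classify the outcome.

    status "open"    -> SYN-ACK received, the VPN path works and a service listens
    status "refused" -> RST received, the VPN path works but nothing listens there
    status "timeout" -> no reply at all: route table, SG/NACL egress, on-prem
                        firewall or the tunnel itself is dropping the traffic
    status "error"   -> anything else (e.g. DNS failure for a hostname target)
    """
    start = time.monotonic()
    status, error = "open", None
    try:
        with socket.create_connection((host, port), timeout=timeout):
            pass
    except ConnectionRefusedError as exc:
        status, error = "refused", str(exc)
    except socket.timeout as exc:
        status, error = "timeout", str(exc)
    except OSError as exc:
        status, error = "error", str(exc)
    return {
        "host": host,
        "port": port,
        "status": status,
        "latency_ms": round((time.monotonic() - start) * 1000, 1),
        "error": error,
    }


def lambda_handler(event, context):
    """Probe every target; emit one JSON line per probe so CloudWatch Logs keeps it."""
    spec = (event or {}).get("targets", DEFAULT_TARGETS)
    results = [check_tcp(host, port) for host, port in parse_targets(spec)]
    for result in results:
        print(json.dumps(result))
    # "refused" still proves the tunnel path, so only "open" or "refused" counts as ok.
    path_ok = bool(results) and all(r["status"] in ("open", "refused") for r in results)
    return {"vpn_path_ok": path_ok, "results": results}


def local_self_test():
    """Constructed stand-in for an on-prem host: a listener on loopback.

    Returns (probe while the listener is up, probe after it is closed), which
    exercise the "open" and "refused" branches without any network access.
    """
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = check_tcp("127.0.0.1", port, timeout=1)
    listener.close()
    after_close = check_tcp("127.0.0.1", port, timeout=1)
    return while_open, after_close


if __name__ == "__main__":
    for probe in local_self_test():
        print(json.dumps(probe))
```

Invoke it with `aws lambda invoke --function-name <name> --payload '{"targets":"10.10.0.5:22"}' out.json` (the function name is yours) and read the per-probe JSON lines in the function's CloudWatch log group. If every probe times out, verify the route table of the subnets the function is attached to before looking at the on-prem side; if they come back "refused", the tunnel and routing are already proven and only the service is missing.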

What are you trying to test exactly? How do you invoke the function (API Gateway, SQS, etc.)? Even though your function is attached to the VPC, to invoke it you need access to the public Lambda Invoke API. For that you will need to access the internet from the VPC. You can use a NAT Gateway or a Lambda VPC endpoint. But again, it depends on how you invoke the function.

answered a month ago
