VPC Peering with lambda


Hello, I have 2 VPCs in 2 AWS accounts having Peering configured. Currently, there is an HTTP connection from lambda to other account lambda using Lambda function URLs. How can I replace this connection with the VPC Peering connection?

3 Answers
Accepted Answer

Hello.

Do you mean you want to access the Lambda function URL privately from within your VPC?
In that case, as stated in the document below, only public access is possible, so this is currently not possible.
https://docs.aws.amazon.com/ja_jp/lambda/latest/dg/lambda-urls.html

You can access your function URL through the public Internet only. While Lambda functions do support AWS PrivateLink, function URLs do not.

EXPERT, answered 2 months ago; reviewed by an EXPERT a month ago

You always invoke Lambda functions using the public Invoke API. Even if you use a Function URL, it is public. This means that in order to invoke a function directly, you need to access the internet.

Uri (AWS EXPERT), answered 2 months ago; reviewed by an EXPERT 25 days ago
  • Thanks again. For example, if I invoke the Lambda from another Lambda in the same account using the boto3 library for Python, does it still traverse the public internet?

  • Ahh, maybe so, since Lambdas run in their own VPCs?

  • You need to go outside the VPC using a Lambda VPC endpoint or a NAT Gateway. It uses public IP addresses, but it remains in our backbone. It does not traverse the public internet.


Hi, if what you are trying to achieve is to invoke your second Lambda function without using the public service endpoint, you can create a VPC interface endpoint to the Lambda service in your VPC 1 to communicate with the Lambda service (to invoke other functions). As your Lambda 1 is configured to access your VPC, you can use the AWS SDK (boto3 in Python) to invoke your Lambda 2 and use the created private endpoint in the Lambda client creation in your code, passing the private endpoint with the endpoint_url parameter. Please take into account that when invoking a Lambda function in another account using the AWS SDK, you need to use AWS STS (Security Token Service) from within your code in order to assume a role in the second account that gives you permissions to execute the second Lambda function. Additionally, when using VPC endpoints, PrivateLink fees apply. Please check:
https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc-endpoints.html
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/core/session.html (check here the endpoint_url parameter)
https://aws.amazon.com/privatelink/pricing/

AWS, answered 2 months ago; reviewed by an EXPERT 25 days ago
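The flow this answer describes (assume a role in the second account with STS, then build a boto3 Lambda client pinned to the interface endpoint through endpoint_url and invoke Lambda 2), written out as an added example that is not code from the answer author or from AWS. The endpoint DNS name, role ARN and function ARN are constructed placeholders; the STS and Lambda clients are injected so the logic can be exercised without AWS; and the check that endpoint_url really is a vpce address is an addition that keeps a mistyped URL from silently falling back to the public Lambda service endpoint.

```python
import json
import re
from typing import Any, Callable, Dict

# Placeholder values constructed for this example (not from the post): the Lambda
# interface endpoint in VPC 1, the role in account 2, and the target function.
LAMBDA_VPCE_URL = "https://vpce-0123456789abcdef0-abcd1234.lambda.eu-west-1.vpce.amazonaws.com"
TARGET_ROLE_ARN = "arn:aws:iam::222222222222:role/InvokeLambda2Role"
TARGET_FUNCTION_ARN = "arn:aws:lambda:eu-west-1:222222222222:function:lambda-2"

# DNS shape of a Lambda interface endpoint: vpce-<id>-<suffix>[-<az>].lambda.<region>.vpce.amazonaws.com
VPCE_URL_RE = re.compile(
    r"^https://vpce-[0-9a-f]+-[0-9a-z]+(-[a-z0-9-]+)?\.lambda\.[a-z0-9-]+\.vpce\.amazonaws\.com$"
)

def is_private_lambda_endpoint(url: str) -> bool:
    """True only for an interface-endpoint URL, so a typo in endpoint_url cannot
    silently send the invocation to the public Lambda service endpoint."""
    return VPCE_URL_RE.match(url) is not None

def assume_target_role(sts_client, role_arn: str) -> Dict[str, str]:
    """Swap Lambda 1's execution-role credentials for short-lived credentials of
    the account-2 role allowed to invoke Lambda 2, shaped as boto3 client kwargs."""
    resp = sts_client.assume_role(RoleArn=role_arn,
                                  RoleSessionName="lambda1-to-lambda2",
                                  DurationSeconds=900)
    c = resp["Credentials"]
    return {"aws_access_key_id": c["AccessKeyId"],
            "aws_secret_access_key": c["SecretAccessKey"],
            "aws_session_token": c["SessionToken"]}

def invoke_via_vpc_endpoint(sts_client, lambda_client_factory: Callable[..., Any],
                            function_arn: str, role_arn: str, endpoint_url: str,
                            payload: Dict[str, Any]) -> Dict[str, Any]:
    """Assume the role, build a Lambda client pinned to the VPC endpoint, invoke."""
    if not is_private_lambda_endpoint(endpoint_url):
        raise ValueError(f"refusing non-VPC-endpoint URL: {endpoint_url}")
    creds = assume_target_role(sts_client, role_arn)
    lam = lambda_client_factory("lambda", endpoint_url=endpoint_url, **creds)
    resp = lam.invoke(FunctionName=function_arn, InvocationType="RequestResponse",
                      Payload=json.dumps(payload).encode())
    if resp.get("FunctionError"):
        raise RuntimeError(f"Lambda 2 returned an error: {resp['FunctionError']}")
    return json.loads(resp["Payload"].read())

def handler(event, context):
    """Lambda 1 entry point; boto3 is imported here so the module loads without it."""
    import boto3  # present in the Lambda runtime
    return invoke_via_vpc_endpoint(boto3.client("sts"), boto3.client, TARGET_FUNCTION_ARN,
                                   TARGET_ROLE_ARN, LAMBDA_VPCE_URL, event)
```

The AssumeRole call itself also needs a path out of the VPC (an STS interface endpoint or a NAT gateway); the answer does not cover that, so it is an assumption here.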
