Lambda with vpc and internet access

Question

HI,
I have a lambda that retrieves data from the web and save it to an RDS.
The lambda and the RDS are part of the same VPC.
In order to allow access to the web i had to create an elastic IP and NAT gateway both are not in the free tier.
Is there any way to do this with in the free tier ?
Support told me I need to associate the elastic ip to the lambda to include it in the free tier but i dont see how can i do that.
Can i simply remove the lambda and RDS from the VPC to solve this ?
Thanks

Answer

Hi,

you can create a [NAT Instance](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html) and use it instead of a NAT Gateway. If an instance type under the free tier has sufficient performance for your use-case. 
When using a NAT instance you have to take care of managing the instance and you will also loose redundancy that is built into the NAT Gateway.

Cheers,  
Philipp

Answer

If your Lambda uses public subnets you can't grant it a public IP address to be able to use the IGW, but it is possible to attach an EIP to the Lambda's ENI.  Since the VPC Lambda networking improvements of 2019/20 these ENIs are long-lived but they still may be reclaimed if unused for consecutive weeks.  Also if you have high concurrency of Function execution additional ENIs may be automatically created which of course won't have EIPs.  If you can manage these issues, e.g. ensuring the Function is invoked occasionally and that concurrency is limited, this may work for you, and may be preferable to managing your own NAT Instance.  Of course NAT GW is still the AWS-approved solution.

Lambda with vpc and internet access

相關內容