Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is it possible to assign a public IP to a Lambda function in AWS?

Tags:

amazon-web-services

amazon-ec2

aws-lambda

We need to access APIs in a corporate backend that accept calls only from authorised IP addresses.

At this moment our mobile clients are calling an AWS Lambda function that performs some transformations and then calls another service on an EC2 instance that has the authorised public IP address assigned. This second service performs the final call to the corporate backend returning the data to the lambda and then to the clients.

This is working fine, but it adds some unnecessary complexity to the architecture that we wish to avoid.

Is it possible to assign the public IP to the lambda function somehow to avoid having this extra service in EC2?

Thanks,

GA

like image 985
G A Avatar asked Dec 22 '16 07:12

G A

People also ask

Can AWS Lambda have public IP?

No, Lambda functions do not get a public IP, regardless of the auto-assign IPv4 address setting. They cannot have public IPs. To reach the internet, they must route through a NAT (which routes to an IGW).

How do I give Internet access to a Lambda function?

To give internet access to an Amazon VPC-connected Lambda function, route its outbound traffic to a NAT gateway or NAT instance in a public subnet. For more information, see Internet gateways in the Amazon VPC User Guide.

Can we assign Elastic IP to Lambda?

No. You cannot associate an Elastic IP (EIP) address with an AWS Lambda function.

1 Answers

The straightforward solution is this:

  • create a NAT Instance or NAT Gateway with an Elastic IP address

  • create a private VPC subnet which uses the NAT device as its default route

  • deploy the Lambda function in VPC, associated with that private subnet.

Each Lambda container created will have an elastic network interface (ENI) on that private subnet, which means the NAT device will be its default gateway, which means the NAT device's EIP will be its source IP address for internally-originated connections that are bound for the Internet.

No change to the lambda function code, itself is required.

The above is the official solution.

Note also that with current technology, placing a Lambda funcion inside a VPC will have an impact on cold-start times, any time a new Elastic Network Interface (ENI) needs to be allocated.

When a Lambda function is configured to run within a VPC, it incurs an additional ENI start-up penalty.

https://docs.aws.amazon.com/lambda/latest/dg/vpc.html

like image 176
Michael - sqlbot Avatar answered Sep 20 '22 14:09

Michael - sqlbot
Sign in to Comment

Related questions

Multiple Pages on a Static Website AWS S3
What ports does pip use?
Upload files to Amazon S3 With Dropzone.js issue
Can't run binary from within python aws lambda function
Remove nested attribute in dynamodb
aws sdk for mac os x application development [closed]
How to redirect AWS sdk logging output
(AWS/EC2/EBS) Why does "Delete on Termination" default to true for root devices?
Differences between 'root account credentials' and 'IAM user credentials'
How to ensure AWS Elastic Beanstalk is free
CloudFormation Stack Errors with REST API Doesn't Contain Any Methods
AWS CDK -- Cannot find module '@aws-cdk/aws-ec2'
Route53 and Cloudfront The request could not be satisfied?
Map multiple subdomains to same S3-bucket
Increase the root device size in cloudformation autoscaling group
Allowing third party users to upload files into your AWS S3 fs [closed]
AWS Powershell to retrieve AWS account number
How to talk to aws elasticsearch service using elastic java client?
Multiple AWS Lambda functions on a Single DynamoDB Stream
How to attach and mount volumes to an EC2 instance using CloudFormation

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!