What is the downside of NOT running AWS Lambda functions in a VPC?

Question

I am running AWS Lambda functions in a VPC.

And during the course of the project I have hit problems because:

• no access to my database - had to solve this somehow
• no access to AWS SES - had to find workaround
• no access to AWS SQS -removed all queuing functionality from Lambda functions
• no access to external Internet - still don't know how to implement ReCapthca without Internet access
• no access to AWS Cognito - cannot get information about logged in users

I COULD implement a NAT gateway in the VPC but what is the point of serverless if I have to run a NAT server instance? That's not serverless.

So finally AWS has worn me down and I have decided to give up on running my AWS Lambda functions in a VPC - without endpoints for Internet proxying and the various AWS services its just too hard.

SO my question is - what is the downside/disadvantage of running my AWS Lambda functions with no VPC?

Answer 1

If you need access to resources within a VPC, then run your AWS Lambda function within a VPC. If you do not require this access, then do not run it within a VPC.

If you require Internet access, then you should connect your Lambda functions to a Private Subnet and use a NAT Gateway, which is a fully-managed NAT so you can remain serverless. It will solve the problems you listed.

Answer 2

AWS has provided a reference document for Lambda deployments: Serverless Application Lens, AWS Well-Architected Framework. In it they provide the following decision tree:

The only major downside noted is that a Lambda outside of a VPC cannot directly access private resources within a VPC.