So if I have two lambdas, one inside a private VPC, and one not on a VPC, calling the private lambda from inside the public lambda works but I can't call the public from the private lambda.
There's no NAT setup.
Why is this? It seems that I should not be able to call the private from the public theoretically.
You can call any of the Lambda API operations from your VPC. For example, you can invoke the Lambda function by calling the Invoke API from within your VPC. For the full list of Lambda APIs, see Actions in the Lambda API reference.
If your Lambda function is VPC attached, it needs to be able to communicate via your VPC to the AWS API. Lambdas do not talk to other Lambdas over the network; they initiate requests with the AWS API or an API Gateway, which passes the request on to the Lambda function.
By default, Lambda functions are not launched within a virtual private cloud (VPC), so they can only connect to public resources accessible through the internet.
This is not possible with Lambda. Lambda functions can provide access only to one single VPC. If multiple subnets are specified, then they must all be in the same VPC. You can then connect to the other VPCs by peering your VPCs.
In order to trigger a Lambda function, all that's required is for the caller to have outbound access to the Invoke AWS API. It is not necessary for the invoked Lambda function to have any open inbound ports, or any public Internet access.
So a public (non-VPC, has Internet access) Lambda function can call the Invoke API to trigger the private Lambda function, but the private VPC (no Internet access) Lambda function cannot access the Invoke API to trigger any Lambda function.
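One way to confirm the explanation above from inside the VPC-attached function is to probe the regional Lambda API endpoint over TCP with a short timeout before calling Invoke. This is an added example, not code from the original answers; the hostname follows the standard regional endpoint pattern, the region is a placeholder, and the helper names are my own.

```python
import socket
from dataclasses import dataclass

# Added example: does this runtime have a network path to the regional
# Lambda endpoint that the Invoke API is served from? A VPC-attached
# function with no NAT gateway resolves the name (VPC DNS still works)
# but the TCP connect never completes. Region below is a placeholder.
HTTPS_PORT = 443


@dataclass(frozen=True)
class ProbeResult:
    reachable: bool
    reason: str  # "connected", "dns-failed", "timeout", "refused", "unreachable"


def probe_tcp(host: str, port: int = HTTPS_PORT, timeout: float = 2.0) -> ProbeResult:
    """Resolve host and attempt a single TCP handshake, failing fast.

    Without this, boto3's default 60 s connect timeout plus retries means a
    NAT-less VPC function appears to hang until its own timeout fires
    instead of reporting a clear error.
    """
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return ProbeResult(False, "dns-failed")
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return ProbeResult(True, "connected")
    except socket.timeout:
        # Name resolved, but no route out of the VPC: the no-NAT case.
        return ProbeResult(False, "timeout")
    except ConnectionRefusedError:
        return ProbeResult(False, "refused")
    except OSError:
        # e.g. "Network is unreachable" when the subnet has no default route.
        return ProbeResult(False, "unreachable")


def lambda_api_reachable(region: str = "us-east-1", timeout: float = 2.0) -> ProbeResult:
    """Probe lambda.<region>.amazonaws.com, the endpoint Invoke is sent to."""
    return probe_tcp(f"lambda.{region}.amazonaws.com", HTTPS_PORT, timeout)


if __name__ == "__main__":
    result = lambda_api_reachable()
    print(f"Lambda API reachable: {result.reachable} ({result.reason})")
```

Run it as the first step of the private function's handler and log the result; a "timeout" with the name resolving is the signature of the missing NAT route the question describes.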