Skip to content

Instantly share code, notes, and snippets.

@reggi
Last active August 21, 2024 18:01
Show Gist options
  • Save reggi/dc5f2620b7b4f515e68e46255ac042a7 to your computer and use it in GitHub Desktop.
Save reggi/dc5f2620b7b4f515e68e46255ac042a7 to your computer and use it in GitHub Desktop.

How to setup AWS lambda function to talk to the internet and VPC

I'm going to walk you through the steps for setting up a AWS Lambda to talk to the internet and a VPC. Let's dive in.

So it might be really unintuitive at first but lambda functions have three states.

  1. No VPC, where it can talk openly to the web, but can't talk to any of your AWS services.
  2. VPC, the default setting where the lambda function can talk to your AWS services but can't talk to the web.
  3. VPC with NAT, The best of both worlds, AWS services and web.

I'm gonna walk you through the steps to set up number 3.

Note: This tutorial isn't exactly in order of steps, you may need to create one thing (subnet, nat, route table) then go back into the settings for something previously created and edit it to use a newly thing.

Creating Subnets

VPC Dashboard > Subnets

This is what I had to start with, my existing vpc that I wanted to connect to already had 4 subnets. Here I noticed I had a couple of subnets already set up. Below is a totally fake ip I pulled from the internet. But the patten of increments of 16 is recreated here.

Note: DO NOT use 131.179.0.0/16 it's just an example.

VPC CIDR
vpc-████████ (131.179.0.0/16) 131.179.0.0/20
vpc-████████ (131.179.0.0/16) 131.179.16.0/20
vpc-████████ (131.179.0.0/16) 131.179.32.0/20
vpc-████████ (131.179.0.0/16) 131.179.48.0/20

Here I created three four new subnets.

VPC CIDR name
vpc-████████ (131.179.0.0/16) 131.179.64.0/20 lambda-subnet-point-to-nat-1
vpc-████████ (131.179.0.0/16) 131.179.80.0/20 lambda-subnet-point-to-nat-2
vpc-████████ (131.179.0.0/16) 131.179.96.0/20 lambda-subnet-point-to-nat-3
vpc-████████ (131.179.0.0/16) 131.179.112.0/20 lambda-subnet-point-to-igw

Note: Here igw stands for Internet Gateway and nat stands for network address translation gateway (NAT Gateway).

Three of them will point to the nat and one points to the igw.

Let's create the Route Tables now.

Creating Route Tables

VPC Dashboard > Route Tables

Your going to want to set up two Route Tables.

One that points to your nat let's call this lambda-rt-to-nat:

Destination Target
131.179.0.0/16 local
0.0.0.0/0 nat-█████████████████

One that points to your igw let's call this lambda-rt-to-igw:

Destination Target
131.179.0.0/16 local
0.0.0.0/0 igw-████████

Your gonna want to go into each of the subnet and assign them to their corresponding route table.

subnet name route table name
lambda-subnet-point-to-nat-1 lambda-rt-to-nat
lambda-subnet-point-to-nat-2 lambda-rt-to-nat
lambda-subnet-point-to-nat-3 lambda-rt-to-nat
lambda-subnet-point-to-igw lambda-rt-to-igw

Set your lambda up

Lambda > Functions > my-function > Configuration > Advanced Settings

Now you want to set up your lambda function to use the subnets you created.

Setup your lambda to use your VPC.

VPC

vpc-████████ (131.179.0.0/16)

Here you setup lambda to use the subnets that point directly to your nat.

Subnets*

subnet name
lambda-subnet-point-to-nat-1
lambda-subnet-point-to-nat-2
lambda-subnet-point-to-nat-3

Create a NAT

VPC Dashboard > NAT Gateways > Create NAT Gateway

Your going to want click Create NAT Gateway and set the Subnet* to lambda-subnet-point-to-igw, and Create New EIP.

Fin

That should be it! Your lambda should be able to talk to both the VPS and the web through a NAT! Comment below if you need help or want to clarify anything here!

Links

Shameless SEO terms

  • amazon lambda nat
  • aws lambda vpc web
  • aws lambda rds and web
  • aws lambda rds and http request
  • lambda timeout
  • AWS lambda timeout random vpc
@DerWanderer
Copy link

Very helpful! This was better than the Amazon docs for boiling down the essential steps. Use Amazon docs for the details, this for the solution!

@hmuncaster
Copy link

Ive set this all up but my function is timing out. Im trying to access KMS to decrypt my key. Any ideas? Thanks!!

@velopert
Copy link

If you are running small services, consider using NAT Instance instead of using NAT Gateway. You can solve the issue with cheaper price.

I have been using NAT Gateway for a year, and always thought that this is too expansive since the usage of NAT gateway isn't that high in my service :( I wish I knew about this earlier.

@jarridlima
Copy link

Thanks a lot!!!! Works for me!

@Ambro17
Copy link

Ambro17 commented Jul 25, 2020

This article made me understand why this works besides following the step by step. You might also find it useful.
https://medium.com/@shontauro/how-can-i-turn-my-restful-api-into-a-serverless-application-and-deploy-it-to-aws-lambda-step-by-8ff6cc97780f

@thongxuan
Copy link

Beware of NAT pricing because it's not free.

@thulasi-ram
Copy link

is there something on how to setup this using an vpc endpoint instead of a NAT gateway?

rel: https://stackoverflow.com/a/52994841/6323666

@Mitko-Kerezov
Copy link

This saved me quite a lot of struggling - eternally grateful for the article, 10/10!

@waxmoth
Copy link

waxmoth commented Apr 28, 2021

Thank you! Works for me!!!

@mervintankw
Copy link

Thanks! This works for me too 👍

@0t3dWCE
Copy link

0t3dWCE commented Aug 9, 2022

And how the fuck I must to solve the issue with boto3 hangs up in lambda without this....
Nice!

Advice: Create new VPC for Lambda! Don't use your current production one, if you don't understand what is 'route tables', igw, nat or you under the risk to stop the show.

@mojoalan
Copy link

mojoalan commented Aug 10, 2022

Holy crap what a mess, but it works. Just be very careful to follow the pattern for the CIDR values in the new subnets you will create. I had to inspect my existing subnets and pick up where they left off, incrementing the CIDR by 16 for each. So I wound up creating subnets with CIDR values of:

131.179.96.0/20
131.179.112.0/20
131.179.128.0/20
131.179.144.0/20

AND please be careful to note that the 131.179 portion is dummy data - you have to look at your existing subnets and get your values there.

Lastly... I tested connectivity to my RDS instance as I went through the steps. It was when I applied the new subnets to the Lambdas' VPC that they lost connectivity to RDS. So I added my previous subnets back in, and then each Lambda has 5 subnets in it's VPC assignment - three that go through to the nat and two that go to RDS. This allowed my Lambdas to hit both networks.

@pepegc
Copy link

pepegc commented Dec 9, 2022

Thanks this helped a lot. I set it up and it worked, but then after a while I am back as before... Lambda timing out. Are there any additional configurations to be made to the NAT or subnets so that they don't sleep or something? Also, why 3 subnets pointing to NAT?

@rydogjones
Copy link

Check out a new feature on Lambda called SnapStart. That might fix the timeouts.
I haven't tried it though.

@RickGroenewegen
Copy link

At the point where you say: 'One that points to your nat let's call this lambda-rt-to-nat' I don't have any NAT's to choose from. Should I create one first at this point? Could you provide me with the correct settings for it?

@reggi
Copy link
Author

reggi commented Sep 24, 2023

@RickGroenewegen Hey Rick, I'm sorry I can't answer your question I haven't really been using AWS much lately.

@federico93
Copy link

You are my hero, thank you!!

@jspalink
Copy link

jspalink commented May 2, 2024

This was very helpful. Thank you

@troy-phoenix
Copy link

didnt work. still timeouts

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment