13

Is there any way to make an AWS lambda receive an inbound TCP connection (for instance from another lambda)?

EDIT: I'm not asking whether it's possible to call a lambda from another.

JC1
  • 1
    Possible duplicate of [Can an AWS Lambda function call another](https://stackoverflow.com/questions/31714788/can-an-aws-lambda-function-call-another) – stdunbar Feb 27 '18 at 23:57
  • 8
    That is not the same question. I'm talking about receiving a TCP connection, not about calling a lambda. – JC1 Feb 27 '18 at 23:59
  • 2
    Any use case for details? Lambda runs as a serverless service; you don't know its IP, so it's useless for inbound TCP traffic. – BMW Feb 28 '18 at 00:31
  • I imagine the lambda can publish the IP in some external service (e.g. S3) – JC1 Feb 28 '18 at 01:37

2 Answers

8

No, not directly. You can only make a connection to Lambda by going through API Gateway via HTTP/HTTPS. Your Lambda function will be given an HTTP endpoint, but the IP address this resolves to is still API Gateway and not your Lambda function. Invoke a AWS Lambda function by a http request

Why?

I suspect it's because each Lambda function shares its IP address with lots of other Lambda functions located on the VM. They run in containers on top of EC2 instances, so you would have several customers running on the same IP address. I've seen no documentation detailing what AWS is really doing, but I would guess each container runs on a different port, so for you to connect directly to your container you'd need to know the "current" port and not just the IP address. On top of that, there's no reason to give the containers public IP addresses. They all probably live in a private subnet.

If you want more confirmation you can explore the AWS lambda console and find no lambda properties other than the HTTP endpoint for API gateway. And if you google the SDK docs you won't come across any IP address retrieval functions.

Usman Mutawakil
2

No.

I am sure AWS pretty much locked it down for obvious reasons.

Besides, each container only lives for as long as something keeps invoking it, and it dies after around five minutes of non-usage.

Noel Llevares
  • 1
    "For obvious reasons" is not explanatory and honestly doesn't make any sense, as there are no obvious reasons to lock down any particular port or protocol without knowing the underlying architecture... You're saying "for obvious reasons" about 65k ports without providing any explanation, while the service already provides communication via [at least] two: HTTP/TCP/80 and HTTPS/TCP/443. – Joseph Orlando Mar 20 '23 at 00:00