6

I am trying to discover the VPC IP address or AWS ENI of the currently executing AWS Lambda so that I can use the IP address to filter the VPC logs to find matching records. The Lambda is running in a VPC and does not have a public IP address.

I have tried various techniques suggested here:

Finding local IP addresses using Python's stdlib

but these do not work for me because I think they are showing the IP address of the container from the container's point of view and not the VPC's point of view.

John Rotenstein
jonseymour
    Unless the IP you're getting is 127.0.0.1 or 0.0.0.0, I actually think the IP you'd get from the procedure outlined in the link you posted *is* the IP you need, since it would be the IP of the machine within the VPC. Unless of course you have a more complicated setup with multiple subnets or something of the sort in there, but you made no mention of this. – Grismar Sep 10 '19 at 01:40
  • Are you expecting the IP address as a key to find the current AWS Lambda logs? – mkrana Sep 10 '19 at 05:09
  • I'm also trying to figure this out because we had a LAMBDA failing mysteriously with connection issues because one of the subnets did not have its access configured correctly. If I could _log_ what IP the LAMBDA is using then I could determine its subnet in the VPC and better diagnose problems stemming from that – Neil C. Obremski Mar 18 '20 at 19:18

2 Answers

0

A partial answer is that an ENI is set up when the lambda was created rather than each time it is run. It seems, but I am not sure, that lambdas running in the same VPC with the same security group share the same ENI. So, strictly speaking, I don't need to discover the IP address at runtime from code in the lambda itself. Rather, I can just inspect the Network Interfaces console to discover the lambda ENI and use that for my filtering purposes (provided, of course, that there is not too much traffic from other lambdas running on the same network interface).

jonseymour
0

Our solution for this was to generate a private API within the VPC, with a mock response that will tell you the private IP address you called from. Then query the EC2 DescribeNetworkInterfaces API based on that private IP.

Since this is time expensive, we only run it on a cold start, not on every lambda run.
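The cold-start lookup this answer describes, written out as an added example (not the answerer's code): it assumes the private API is an API Gateway private REST API with a mock integration whose response template returns `{"ip": "$context.identity.sourceIp"}`, `IP_ECHO_URL` is a placeholder, and the DescribeNetworkInterfaces response used for the offline check is constructed. The ENI id it caches is what you would then match against the `interface-id` field of the VPC flow logs.

```python
import json
import urllib.request
from typing import Callable, Optional

# Assumption: private REST API in the VPC whose mock integration answers with
# {"ip": "$context.identity.sourceIp"}. The URL below is a placeholder.
IP_ECHO_URL = "https://PLACEHOLDER.execute-api.us-east-1.amazonaws.com/prod/whoami"

# Constructed sample of a DescribeNetworkInterfaces response (not real data).
SAMPLE_RESPONSE = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0123456789abcdef0", "SubnetId": "subnet-0aaa",
     "VpcId": "vpc-0bbb", "PrivateIpAddress": "10.0.1.23",
     "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.23"}]}]}

def fetch_caller_ip(url: str = IP_ECHO_URL, opener=urllib.request.urlopen) -> str:
    """Ask the private API which VPC address this container called from."""
    with opener(url, timeout=3) as resp:
        return json.loads(resp.read().decode())["ip"]

def eni_filter(private_ip: str) -> list:
    """DescribeNetworkInterfaces filter keyed on the ENI's private IPv4 address."""
    return [{"Name": "private-ip-address", "Values": [private_ip]}]

def extract_eni(response: dict, private_ip: str) -> Optional[dict]:
    """Return the ENI carrying private_ip (primary or secondary address) with the
    fields useful for filtering VPC flow logs, or None when nothing matches."""
    for eni in response.get("NetworkInterfaces", []):
        addrs = {a["PrivateIpAddress"] for a in eni.get("PrivateIpAddresses", [])}
        addrs.add(eni.get("PrivateIpAddress"))
        if private_ip in addrs:
            return {"eni_id": eni["NetworkInterfaceId"], "subnet_id": eni["SubnetId"],
                    "vpc_id": eni["VpcId"], "private_ip": private_ip}
    return None

_CACHE: dict = {}  # module scope lives as long as the container: filled on cold start only

def resolve_eni(ip_lookup: Callable[[], str], describe: Callable[..., dict],
                cache: dict = _CACHE) -> Optional[dict]:
    """Resolve and memoise the ENI so both network calls run once per container."""
    if "eni" not in cache:
        ip = ip_lookup()
        cache["eni"] = extract_eni(describe(Filters=eni_filter(ip)), ip)
    return cache["eni"]

def handler(event, context):
    import boto3  # present in the Lambda runtime; imported here so the module loads without it
    info = resolve_eni(fetch_caller_ip, boto3.client("ec2").describe_network_interfaces)
    print(json.dumps({"lambda_eni": info}))  # log once; match eni_id against flow-log interface-id
    return info
```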