1

I have 2 lambdas, both inside my VPC. There are 4 subnets inside my VPC, 2 are public and 2 are private.

I have one lambda inside one private subnet and the other one inside a public subnet. When I try to call the lambda in the private subnet from the one in the public subnet, it times out. I am using boto3 to make the lambda-to-lambda call as given here.

However, I am able to call the lambda from the public subnet to a new lambda created in the other public subnet inside the same VPC.

There is no NAT attached to the public subnet. Why might this be happening?

1 Answer

2

The call from the public subnet times out because a lambda function in a VPC has neither a public IP nor internet access. From the docs:

Connecting a function to a public subnet does not give it internet access or a public IP address.

Also, you can't call lambda through its elastic network interface (ENI) when it is in a VPC. The VPC functionality for lambda is for your functions to call private resources in the VPC, not the other way around.

In other words, the only reason to put a lambda in a VPC is to access its private resources (e.g. RDS in a private subnet). It doesn't allow, e.g., a private instance in a private subnet to call your lambda function without a NAT gateway/instance.

Marcin
  • 215,873
  • 14
  • 235
  • 294
  • Ok. I get it that the call from the public subnet to the private subnet is failing because it apparently has no internet access. But how is the public subnet lambda able to call the other public subnet lambda? – Tushar Sinha May 29 '20 at 12:04
  • @TusharSinha I think you have something wrong with your setup that you think you can do this. Please double check the two lambdas and their settings. – Marcin May 29 '20 at 12:26
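The practical check behind this answer is whether the subnets the calling function is attached to have a default route through a NAT gateway; a route through an internet gateway does not help, because the function's ENI has no public IP. The following is an added example, not code from the question, the answer or AWS: it takes route-table documents in the shape returned by boto3's `ec2.describe_route_tables()` and classifies each Lambda subnet. The sample route tables, subnet ids and gateway ids are constructed for the example; in a real account you would pass the `RouteTables` list from boto3 instead.

```python
"""Classify Lambda subnets by whether their route table gives the function egress.

Added example (not from the original question or answer). Assumes route-table
documents in the shape of boto3 ec2.describe_route_tables()["RouteTables"].
All ids below are constructed placeholders.
"""
from typing import Dict, List, Optional

# Constructed sample: four tables covering the cases the answer describes.
SAMPLE_ROUTE_TABLES: List[dict] = [
    {   # "public" subnet: default route via internet gateway (useless for a Lambda ENI)
        "RouteTableId": "rtb-public-EXAMPLE",
        "Associations": [{"SubnetId": "subnet-public-a-EXAMPLE"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"},
        ],
    },
    {   # private subnet with a NAT gateway: the working case
        "RouteTableId": "rtb-private-nat-EXAMPLE",
        "Associations": [{"SubnetId": "subnet-private-a-EXAMPLE"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE", "State": "active"},
        ],
    },
    {   # private subnet whose NAT route is blackholed (NAT gateway deleted)
        "RouteTableId": "rtb-private-blackhole-EXAMPLE",
        "Associations": [{"SubnetId": "subnet-private-b-EXAMPLE"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-gone-EXAMPLE", "State": "blackhole"},
        ],
    },
    {   # VPC main table, no default route; applies to subnets with no explicit association
        "RouteTableId": "rtb-main-EXAMPLE",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        ],
    },
]


def route_table_for_subnet(subnet_id: str, route_tables: List[dict]) -> Optional[dict]:
    """Return the table explicitly associated with the subnet, else the VPC main table."""
    main_table = None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main_table = table
    return main_table


def default_route_target(table: dict) -> str:
    """Classify the active 0.0.0.0/0 route as 'nat', 'igw' or 'none'."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") == "blackhole":
            continue  # a blackholed route forwards nothing
        if route.get("NatGatewayId"):
            return "nat"
        if str(route.get("GatewayId", "")).startswith("igw-"):
            return "igw"
    return "none"


def lambda_has_egress(subnet_id: str, route_tables: List[dict]) -> bool:
    """True only when the subnet's default route is a NAT gateway.

    An igw- route is not enough: a Lambda ENI has no public IP, so traffic
    sent to the internet gateway is dropped and API calls time out.
    """
    table = route_table_for_subnet(subnet_id, route_tables)
    return table is not None and default_route_target(table) == "nat"


def diagnose(subnet_ids: List[str], route_tables: List[dict]) -> Dict[str, str]:
    """Map each Lambda subnet to a short verdict for an operator."""
    verdicts = {}
    for subnet_id in subnet_ids:
        table = route_table_for_subnet(subnet_id, route_tables)
        target = "none" if table is None else default_route_target(table)
        if target == "nat":
            verdicts[subnet_id] = "ok: default route via NAT gateway"
        elif target == "igw":
            verdicts[subnet_id] = "timeout: IGW route, but Lambda ENI has no public IP"
        else:
            verdicts[subnet_id] = "timeout: no usable default route"
    return verdicts


if __name__ == "__main__":
    # Constructed list of subnets a function is attached to.
    for subnet, verdict in diagnose(
        ["subnet-public-a-EXAMPLE", "subnet-private-a-EXAMPLE",
         "subnet-private-b-EXAMPLE", "subnet-private-c-EXAMPLE"],
        SAMPLE_ROUTE_TABLES,
    ).items():
        print(f"{subnet}: {verdict}")
```

The one subnet that passes is the private one with an active NAT route; the "public" subnet fails for the reason quoted from the docs, and the blackholed NAT route shows why checking the route's `State` matters rather than just its presence.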