stackoom
  简体   繁体   中英

How to connect AWS Lambda function inside a VPC to public resources like DynamoDB?

 原文  2016-08-18 23:43:54       amazon-web-services/ lambda/ routing/ amazon-dynamodb/ amazon-vpc

Question

I am trying to enable my VPC lambda function for ElasticCache to access DynamoDB. I know for this, I need to setup a NAT gateway. However, I am not able to make it work. My private subnet is in 172.31. . range.

These are the steps I am following:

  1. Create a public subnet with ip range in 10.0.0.0.
  2. Create a public VPC in the same IP range mentioned above.
  3. Create a public Internet gateway in the public VPC.
  4. Create a public route table, which is not the main route table and attach the public subnet to it. Then, add a route for 0.0.0.0/0 to the public Internet gateway created above.
  5. Create a NAT gateway in the public subnet. This NAT gets an Elastic IP and a Private IP in 10. . .* range.

Now I have 3 route table, two for my public subnets(10.0.0.0) and one existing for my private subnet(172.31.0.0) which is part of my private VPC.

My private route table has a route for 0.0.0.0/0 to my private Internet gateway.

I think I need to change this route to point to my public NAT gateway, however I am unable to do so as the private IP of my NAT lies in 10.0.0.0 range I guess. I am confused at this point on how to proceed. I tried creating a NAT gateway in private subnet and forwarding the route to it but it doesn't work too. What as I missing out?

2 answers

solution1
 0  2016-08-20 18:18:56

Silly, but are you by any chance mixing up the default VPC (172.31...) and the VPC you created (10.0...) . So, if you are seeing the route table for the default VPC's one, it is actually for the default subnet(s), which is public by the way!

solution2
 0 ACCPTED  2016-08-23 22:41:14

The mistake i was making was creating two VPC, one for private subnet and one for public. AWS VPC cannot communicate with each other unless Peering is enabled.

The notion of private and public subnet is ambiguous at first for a person from networking background. All it actually means, is the logical subnet which will be have resources accessible from internet(like web servers) and local resources like database server(which should be protected from internet).

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Why can't an AWS lambda function inside a public subnet in a VPC connect to the internet? How does an AWS Lambda function scale inside a VPC subnet? How to connect AWS Lambda and RDS in VPC AWS: Can I give a Lambda function inside a VPC access to a public Websockets API Gateway? AWS lambda function in VPC unable to put item in Dynamodb table How to properly connect AWS Lambda to RDS in VPC? AWS Lambda unable to connect (intermittently) to MongoDB inside an AWS VPC Why use a VPC with AWS Lambda or AWS DynamoDB? How can I connect an AWS lambda inside a VPC to connect to a cloudformation stack? Is it possible to connect an AWS Lambda function without a VPC connection to AWS EFS?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM