Sunday, July 3, 2016

Accessing External IP Addresses from Lambda in a VPC

AWS Lambda is to compute what S3 is to storage. It is a simplified model where programs become stateless tasks called Lambda functions, written in Java, Python or Node.js. Lambda functions can be triggered by HTTP calls through the API Gateway, by CloudWatch time-based schedules, or by other AWS services. They are "just" stateless functions relying on whatever libraries you want. In return, you don't have to bother with the infrastructure at all: you get a compute model that scales out and is reliable. And best of all, you pay for what you really use, not for what you provision. I love Lambda as much as I love S3!

However, the devil remains in the details, and there are a few of them: the security model; how Lambda connects to networks; how it scales; how to manage code; and how to deal with programming and debugging. As you can guess, kicking off a Lambda function in milliseconds on a distributed system takes some work, and it does not come for free, even if all you write is stateless functions. This article presents the Lambda VPC setup or, more specifically, how to allow a Lambda function running inside a VPC to reach external networks and external endpoints.

But let's start with some good news: