I know that the Lambda service uses an internal VPC for all the Lambda functions created in default mode (Lambda functions not connected to my private VPCs). This "Lambda service VPC" has access to the internet and other AWS services.
So my question is: does it use the internet to access other AWS services (for example, S3), or does it use a private connection through the AWS backbone to access these other services? I would like to know whether, when I call AWS services from the Lambda, the request goes through the internet or does not leave the AWS network.
2 Answers
According to the AWS Lambda Security Overview Whitepaper, there’s a passage on how requests are handled:
Invocation model:
Full documentation on Lambda Invoke Modes is here.
According to AWS’ FAQ on VPC:
If traffic from an instance with a public IP to an AWS service uses the AWS private network then this will most certainly also apply to traffic from Lambdas to AWS services (incl. Lambdas connected to VPC).