How does Lambda no-vpc mode (default Lambda mode) function access other AWS services?

FranMoya
November 28, 2022
207 views
0 votes
2 Answers

I know that the Lambda service uses an internal VPC for all the Lambda functions created in default mode (Lambda functions not connected to my private VPCs). This "Lambda service VPC" has access to internet and other AWS services.

So my question is: does it use internet to access to other AWS services (for example, S3) or it uses a private connection through the AWS backbone to access these other services? I would like to know if when I call AWS services from the Lambda this request goes through internet or does not leave AWS network.

Tags: amazon-web-services aws-lambda

Answers

- baduker
- November 28, 2022 at 4:22 pm
- 0 votes
0
According to AWS Lambda Security Overview Whitepaper there’s a passage on how requests are handled:

Traffic within the Lambda service (from the load balancer down)
passes through an isolated internal virtual private cloud (VPC), owned by the Lambda service, within the
AWS Region to which the request was sent.

Invocation model:

Full documentation on Lambda Invoke Modes is here.

Login or Signup to reply.

- HenrikKoberg
- April 20, 2023 at 2:53 pm
- 0 votes
0
According to AWS’ FAQ on VPC:

Q. Does traffic go over the internet when two instances communicate
using public IP addresses, or when instances communicate with a public
AWS service endpoint? No. When using public IP addresses, all
communication between instances and services hosted in AWS use AWS’s
private network. Packets that originate from the AWS network with a
destination on the AWS network stay on the AWS global network, except
traffic to or from AWS China Regions.

If traffic from an instance with a public IP to an AWS service uses the AWS private network then this will most certainly also apply to traffic from Lambdas to AWS services (incl. Lambdas connected to VPC).

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.