
I know that the Lambda service uses an internal VPC for all the Lambda functions created in default mode (Lambda functions not connected to my private VPCs). This "Lambda service VPC" has access to the internet and other AWS services.

So my question is: does it use the internet to access other AWS services (for example, S3), or does it use a private connection through the AWS backbone to access these other services? I would like to know whether, when I call AWS services from the Lambda, the request goes through the internet or does not leave the AWS network.

2 Answers


  1. According to the AWS Lambda Security Overview Whitepaper, there’s a passage on how requests are handled:

    Traffic within the Lambda service (from the load balancer down)
    passes through an isolated internal virtual private cloud (VPC), owned by the Lambda service, within the
    AWS Region to which the request was sent.

    Invocation model:

    [Image: invocation model diagram]

    Full documentation on Lambda Invoke Modes is here.

  2. According to AWS’ FAQ on VPC:

    Q. Does traffic go over the internet when two instances communicate
    using public IP addresses, or when instances communicate with a public
    AWS service endpoint?

    No. When using public IP addresses, all
    communication between instances and services hosted in AWS use AWS’s
    private network. Packets that originate from the AWS network with a
    destination on the AWS network stay on the AWS global network, except
    traffic to or from AWS China Regions.

    If traffic from an instance with a public IP to an AWS service uses the AWS private network, then this will most certainly also apply to traffic from Lambdas to AWS services (incl. Lambdas connected to a VPC).
