Was not able to find any security groups for AWS Lambda.
Is there a way to allow access from AWS Lambda to RDS without alowing all IPs (0.0.0.0/0) and without allowing all Amazon IP Range?
12
votes
3 Answers
4
votes
This feature is out as of yesterday
https://aws.amazon.com/blogs/aws/new-access-resources-in-a-vpc-from-your-lambda-functions/
4
votes
As @user5919440 suggests, now that this new feature is out:
https://aws.amazon.com/blogs/aws/new-access-resources-in-a-vpc-from-your-lambda-functions/
...you simply need to tell AWS Lambda which VPC subnets to bind to your function. The function then can communicate with any AWS service that also has access to that subnet.
This means that you should be able to add a security group in your RDS that allows traffic from the same internal subnet (10.x.x.x) that your Lambda function is bound to.
0
votes
There currently isn't, and a moment's reflection suggests that if there were, if would be a false sense of security -- the traffic wouldn't be assured to be from your Lambda functions... but from anybody's -- the IP addresses are pooled.
There have been hints of a future mechanism to allow a cleaner trust relationship between Lambda and VPC, perhaps implemented with the VPC Endpoint feature (currently available only with S3), or perhaps differently... no details have been forthcoming, so far.
