I have one RDS instance, which is MySQL (default in VPC, and a public IP address is assigned). The public address of the RDS instance is used by my Lambda function and also for direct access via MySQL Workbench.
I know how to use a security group to block access and whitelist my custom IP address for direct access via MySQL Workbench. However, this prevents my Lambda from accessing RDS because of the limited IP addresses.
I previously tried putting the Lambda in one security group and allowing inbound traffic to the RDS security group from the Lambda security group. This works well and allows RDS access for both the Lambda function and direct access. The problem is that my Lambda function loses the internet connectivity it needs for using the aws-sdk to call other AWS resources. Maybe a NAT gateway is required?
Any recommendations on how to protect my RDS resource by allowing only my custom IP address and my Lambda function, while still allowing my Lambda function to call other AWS resources via the API?
Thank you.
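A check for the rule set described in the question (MySQL reachable only from one custom IP and from the Lambda's security group), added here as an example and not part of the original post. It audits inbound rules in the `IpPermissions` shape that EC2 `describe_security_groups` returns; the sample rules, the address 203.0.113.10 and the group IDs are constructed placeholders, and the default MySQL port 3306 is assumed.

```python
import ipaddress

MYSQL_PORT = 3306  # assumption: RDS MySQL listens on the default port


def _covers_port(rule, port):
    """True if an IpPermissions entry opens the given TCP port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":          # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit_mysql_ingress(ip_permissions, allowed_cidrs, allowed_group_ids):
    """Return (kind, source) findings for every source that can reach
    MYSQL_PORT but is neither inside an allowed CIDR nor an allowed group."""
    allowed_nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for rule in ip_permissions:
        if not _covers_port(rule, MYSQL_PORT):
            continue
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if not any(net.version == a.version and net.subnet_of(a)
                       for a in allowed_nets):
                findings.append(("cidr", cidr))
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] not in allowed_group_ids:
                findings.append(("group", pair["GroupId"]))
    return findings


# Constructed sample: inbound rules of a hypothetical RDS security group.
WORKBENCH_IP = "203.0.113.10/32"
LAMBDA_SG = "sg-0aaaaaaaaaaaaaaaa"
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": WORKBENCH_IP}],
     "UserIdGroupPairs": [{"GroupId": LAMBDA_SG}]},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},          # leftover open rule
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},          # not MySQL, ignored
    {"IpProtocol": "-1",
     "UserIdGroupPairs": [{"GroupId": "sg-0bbbbbbbbbbbbbbbb"}]},
]

if __name__ == "__main__":
    print(audit_mysql_ingress(SAMPLE_RULES, [WORKBENCH_IP], {LAMBDA_SG}))
```

An empty result means port 3306 is reachable only from the whitelisted address and the Lambda's security group.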