We use elastic beanstalk to run our main application out of EC2, we also have an RDS instance in that VPC. Those instances have public IPs so it can use a standard internet gateway to access the internet. No problems there.
Now I have created a lambda function, associated it with the 3 subnets corresponding to the 3 AZs the EC2 instances live in. Everything is still good. My lambda can connect to those resources just fine.
My problem is I need my lambda to reach the internet. Normally I'd route the subnets it's in to 0.0.0.0/0 and route it out through a NAT gateway. However, because the EC2 and RDS instances in the subnets of the VPC my lambda is associated with have public IPs putting a NAT gateway in breaks their internet connectivity. How should I go about giving my lambda internet access, without breaking the IGW for the other Ec2 instances?
I was thinking of maybe creating 3 new subnets within the 3 AZs, associating that with my lambda function, create a NAT gateway in each AZ subnet, make the corresponding routes for each subnet. If I did that would my lambda still be able to access the EC2\RDS instances within the other subnets? I have a lambda sg and an ec2 sg and the lambda sg is permitted access to the ec2 sg. Hopefully this makes sense!
