I need to access the Redshift regional endpoint programmatically to restore a table using boto3 APIs. My code is inside a Lambda function bound to a restricted subnet (no NAT). So for accessing AWS services inside this Lambda, like Glue and Athena, I use VPC endpoints, but there is no VPC endpoint for Redshift and I cannot run my boto3 API call (I get "Connect timeout on endpoint URL: https://redshift.us-east-1.amazonaws.com/"). I believe the only way to make this work is to route traffic to a NAT instance/gateway. Is there any other solution?

1 Answer

You are correct that there is no VPC Endpoint available for Amazon Redshift. Any API calls will need to be made via the Internet.

This could be accomplished by installing a NAT Gateway in a public subnet of your VPC.

An alternative approach would be to create an additional AWS Lambda function that is not associated with your VPC. This means that it will have access to the Internet (but not the VPC).

Your existing Lambda function could call the 'external' Lambda function, which would then call Amazon Redshift. However, this would require an API Gateway and a VPC Endpoint for API Gateway because there is no VPC Endpoint for Lambda.

See a similar discussion on Reddit: Access Lambda service from Lambda in a VPC : aws

You could also go via Amazon SNS and a VPC Endpoint for SNS, with SNS then triggering the Lambda function (but you would not receive a 'return signal' when it has completed).
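The SNS route described in the answer, as an added example (not the answerer's code): the VPC-bound Lambda publishes a restore request to an SNS topic reachable through the SNS VPC endpoint, and a second Lambda outside the VPC, subscribed to that topic, performs the Redshift restore_table_from_cluster_snapshot call. The topic ARN, the message schema and the RESTORE_TOPIC_ARN environment variable are assumptions; the external handler only acts on records from the expected topic.

```python
import json
import os

ACTION = "redshift-restore-table"  # constructed message type (an assumption)

def build_restore_request(cluster_id, snapshot_id, source_db, source_table, new_table):
    """Message body the VPC-bound Lambda publishes (constructed schema)."""
    return {"action": ACTION, "ClusterIdentifier": cluster_id,
            "SnapshotIdentifier": snapshot_id, "SourceDatabaseName": source_db,
            "SourceTableName": source_table, "NewTableName": new_table}

def publish_restore_request(sns_client, topic_arn, request):
    """Runs inside the VPC: SNS is reachable through the SNS VPC endpoint."""
    return sns_client.publish(TopicArn=topic_arn, Message=json.dumps(request))

def make_sns_event(topic_arn, *requests):
    """Build the event shape SNS hands to a subscribed Lambda (Records[].Sns)."""
    return {"Records": [{"Sns": {"TopicArn": topic_arn, "Message": json.dumps(r)}}
                        for r in requests]}

def parse_sns_event(event, expected_topic_arn):
    """Accept only records from the expected topic with the expected action,
    so the external Lambda cannot be driven by messages from some other topic."""
    accepted = []
    for record in event.get("Records", []):
        sns = record.get("Sns", {})
        if sns.get("TopicArn") != expected_topic_arn:
            continue
        msg = json.loads(sns.get("Message", "{}"))
        if msg.get("action") == ACTION:
            accepted.append(msg)
    return accepted

def external_handler(event, context, redshift_client=None, topic_arn=None):
    """Runs in the Lambda outside the VPC, which can reach the public Redshift API.
    Returns the TableRestoreRequestId of each restore it started."""
    topic_arn = topic_arn or os.environ.get("RESTORE_TOPIC_ARN")
    if redshift_client is None:
        import boto3  # only needed when running on AWS
        redshift_client = boto3.client("redshift")
    request_ids = []
    for req in parse_sns_event(event, topic_arn):
        resp = redshift_client.restore_table_from_cluster_snapshot(
            ClusterIdentifier=req["ClusterIdentifier"],
            SnapshotIdentifier=req["SnapshotIdentifier"],
            SourceDatabaseName=req["SourceDatabaseName"],
            SourceTableName=req["SourceTableName"],
            NewTableName=req["NewTableName"])
        request_ids.append(resp["TableRestoreStatus"]["TableRestoreRequestId"])
    return request_ids
```

As the answer notes, the in-VPC Lambda gets no return value this way; it can only poll the restore status later (for example via a separate path) or accept fire-and-forget.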