1
votes

I am new to using AWS. I have two route tables in my VPC. One route table with public subnets (main route table). Another custom route table with private subnets.

I have configured S3 VPC endpoint and added it to my custom route table with private subnets.

It is able to access S3 when the lambda function is also in the private subnets. But when the lambda function is in the public subnets, it is not able to connect to S3.

Is it not possible for lambdas in a public subnet to access private subnet resources?

1
Instead of adding the lambda to a public subnet, you may not want to add it to any subnet, or add a NAT to your public subnet for the lambda to be able to reach out to the internet. Adding a lambda to a public subnet doesn't really achieve anything.

Asdfg

1 Answer

2
votes

Lambda can't be in a public subnet. To access your private resources, the lambda must be in a private subnet (docs):

Connect your function to private subnets to access private resources. If your function needs internet access, use NAT. Connecting a function to a public subnet does not give it internet access or a public IP address.

So your lambda in a public subnet will not be able to access S3 over the internet (it does not have a public IP), nor via the VPC gateway S3 endpoint (the endpoint is associated with the private subnets' route table).
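To make the route-table point concrete, here is an added Python check (not part of the question or answer) that works out which of a function's subnets can actually reach a gateway endpoint from route-table data in the shape EC2 describe_route_tables returns; all IDs in the sample are constructed to mirror the asker's setup.

```python
"""Which of a Lambda's VPC subnets can reach an S3 gateway endpoint?
Input mirrors EC2 describe_route_tables (IDs are constructed). A subnet uses its
explicitly associated route table, else the VPC's main table; the endpoint is
reachable only if that table routes the S3 prefix list to the 'vpce-...' target."""


def route_table_for_subnet(route_tables, subnet_id):
    """Return the route table a subnet uses (explicit association, else main)."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def has_gateway_endpoint_route(route_table, endpoint_id):
    """True if the table has an active prefix-list route to the given endpoint."""
    return any(
        r.get("GatewayId") == endpoint_id
        and "DestinationPrefixListId" in r
        and r.get("State", "active") == "active"
        for r in route_table.get("Routes", [])
    )


def subnets_reaching_endpoint(route_tables, subnet_ids, endpoint_id):
    """Map each Lambda subnet to whether its route table reaches the endpoint."""
    result = {}
    for subnet_id in subnet_ids:
        rt = route_table_for_subnet(route_tables, subnet_id)
        result[subnet_id] = rt is not None and has_gateway_endpoint_route(rt, endpoint_id)
    return result


# Constructed sample mirroring the question: the main table serves the public subnet
# (no explicit association); a custom table serves the private subnet and carries
# the S3 gateway endpoint route that the question describes adding.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main0000", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0000"}]},
    {"RouteTableId": "rtb-priv0000", "Associations": [{"SubnetId": "subnet-private1"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationPrefixListId": "pl-s3example",
                 "GatewayId": "vpce-s3example", "State": "active"}]},
]
```

Running `subnets_reaching_endpoint(SAMPLE_ROUTE_TABLES, ["subnet-public1", "subnet-private1"], "vpce-s3example")` reports the public subnet as unable to reach the endpoint, which is exactly the behaviour the asker saw.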