1
votes

I have a Serverless Framework project consisting of about 5 Lambdas/API Gateway. I also have a publicly accessible RDS database.

My end goal is to have the RDS instance behind a VPC so it is not publicly accessible. This would mean also having the Lambdas in the VPC as well.

I'm under the impression that I need an Internet Gateway/NAT Gateway in order to allow my Lambdas to connect to the internet. I've set up a VPC with public/private subnets, and have created route tables for the Internet/NAT Gateways, but I'm confused where this leaves the API Gateway that comes with the Serverless Framework?

Is this pattern of accessing non-public AWS resources from Lambdas in Serverless Framework supported?

1 Answer

1
votes

You shouldn't need to make any changes to the API Gateway, as you are not "physically" placing the function in a VPC so that it is not accessible from the internet. Whether the Lambda is associated with a VPC or not affects only the Lambda, not the API Gateway integration with it.

Thus, your API Gateway will still be able to invoke the Lambda function as before. But now the function will be able to access RDS in a VPC, and you will need to set up a NAT gateway for the function to access the internet, if you need internet access.
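
A `serverless.yml` sketch of the setup discussed above, added here as an example and not taken from the question or the answer: the functions are attached to private subnets, and the database security group admits traffic only from the functions' security group. The service and function names, the runtime, every `PLACEHOLDER` ID and the PostgreSQL port 5432 are assumptions; substitute your own values and your engine's port.

```yaml
# Added example. All IDs are placeholders, not values from the post.
service: example-api                  # hypothetical service name

provider:
  name: aws
  runtime: nodejs20.x                 # assumption; any supported runtime works
  vpc:                                # applies to every function in the service
    securityGroupIds:
      - Fn::GetAtt: [LambdaSecurityGroup, GroupId]
    subnetIds:                        # private subnets (default route -> NAT gateway)
      - subnet-PRIVATE-A-PLACEHOLDER
      - subnet-PRIVATE-B-PLACEHOLDER

functions:
  getItems:                           # hypothetical function
    handler: handler.getItems
    events:
      - http:                         # API Gateway event needs no VPC settings
          path: items
          method: get

resources:
  Resources:
    # Security group carried by the Lambda network interfaces.
    LambdaSecurityGroup:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: Lambda functions that connect to RDS
        VpcId: vpc-PLACEHOLDER

    # Allow the database port only from the Lambda security group,
    # instead of an open CIDR range on the RDS security group.
    DbIngressFromLambda:
      Type: AWS::EC2::SecurityGroupIngress
      Properties:
        GroupId: sg-DB-PLACEHOLDER    # existing security group on the RDS instance
        IpProtocol: tcp
        FromPort: 5432                # assumption: PostgreSQL
        ToPort: 5432
        SourceSecurityGroupId:
          Fn::GetAtt: [LambdaSecurityGroup, GroupId]
```

Once the functions connect this way, the RDS instance can have public accessibility turned off and any internet-facing ingress rules removed from its security group.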