Initially I have a lambda function that connects to a database in rds. Now I want to change the way I connect to the database and do it through an rds proxy.

I have created the rds proxy and assigned the vpc, subnet and security group that come by default.

Initially my lambda does not have any vpc associated, but in order to use the rds proxy I must use the same security group as the rds proxy.

Now when associating the lambda to the rds proxy vpc, the lambda has lost internet access.

I have tried to follow the steps described in this link https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/ but it has not been possible; I do not have much knowledge of networks :(

My current setup is as follows:

VPC:
  ID: vpc-123
  IPv4 CIDR: 172.31.0.0/16
  Main route table:
    ID: route-table-123
    Routes (Destination -> Target):
      172.31.0.0/16 -> local
      0.0.0.0/0 -> igw-123
  Main network ACL:
    ID: acl-123
    Inbound rules (Rule number,Type,Protocol,Port range,Source,Allow/Deny):
      100,All Traffic,All,All,0.0.0.0/0,Allow
      *,All Traffic,All,All,0.0.0.0/0,Deny
    Outbound rules (Rule number,Type,Protocol,Port range,Source,Allow/Deny):
      100,All Traffic,All,All,0.0.0.0/0,Allow
      *,All Traffic,All,All,0.0.0.0/0,Deny
Subnet1:
  IPv4 CIDR: 172.31.0.0/20
  Route table: route-table-123
  Network ACL: acl-123
  VPC: vpc-123
Subnet2:
  IPv4 CIDR: 172.31.16.0/20
  Route table: route-table-123
  Network ACL: acl-123
  VPC: vpc-123
Subnet3:
  IPv4 CIDR: 172.31.32.0/20
  Route table: route-table-123
  Network ACL: acl-123
  VPC: vpc-123

Currently the lambda is associated with the vpc, subnet1, subnet2 and subnet3.

Following the steps in this link https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/, I did the following in each step:

  1. I created a new subnet with the following values:
VPC: vpc-123
Name: public-subnet
Availability Zone: No Preference
IPv4 CIDR block: 172.31.48.0/20
  2. Create an internet gateway and attach it to your Amazon VPC: In this step I did nothing, since the vpc already has an internet gateway associated with it through its Main route table.

  3. Create a NAT gateway: I created a NAT gateway with the following values:

Name: nat-gateway-public
Subnet: public-subnet
Connectivity type: Public
Elastic IP allocation ID: Click on button "Allocate Elastic IP"
  4. Create two custom route tables—one for your public subnet and one for your private subnet: In this step I created a route table for the public subnet, since the existing subnets had their own route table. The values for the new route table are as follows:
Name: route-table-public
VPC: vpc-123
Routes (Destination, Target)
  172.31.0.0/16, local
  0.0.0.0/0, nat-gateway-public

I also modified the public subnet (public-subnet), associating it with the new route table created (route-table-public).

  5. Verify that your network ACL allows outbound requests from your Lambda function, and inbound traffic as needed: In this step I did nothing, because the ACL (acl-123) allows all inbound and outbound traffic.

Finally I edited the network configuration of my lambda and associated the new subnet to it, but the lambda still does not have internet access.

Any idea what I'm doing wrong?

1 Answer

I was doing two things wrong:

First:

When creating the route table for the public subnet, the Target should be the Internet Gateway, not the NAT Gateway. In my config it should be like this (step 4):

Name: route-table-public
VPC: vpc-123
Routes (Destination, Target)
  172.31.0.0/16, local
  0.0.0.0/0, igw-123

Second:

It is necessary to edit the route table for the existing private subnets (route-table-123): for the route with destination 0.0.0.0/0, I changed the Target from igw-123 to nat-gateway-public.

Main route table:
ID: route-table-123
Routes (Destination -> Target):
  172.31.0.0/16 -> local
  0.0.0.0/0 -> nat-gateway-public

With this my lambda already has internet access :)
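A self-contained check of the routing rule the answer arrives at (an added example, not code from the post or from AWS): every subnet attached to the Lambda must default-route to a NAT gateway, and the subnet hosting that NAT gateway must default-route to the internet gateway, never back to the NAT. The route tables below are constructed from the question ("before") and the answer ("after"); that the fixed Lambda stays attached only to Subnet1-3 is my assumption.

```python
DEFAULT_ROUTE = "0.0.0.0/0"

def default_target(route_tables, table_id):
    """Target of the 0.0.0.0/0 route in a table, or None if there is none."""
    return route_tables[table_id].get(DEFAULT_ROUTE)

def check_lambda_egress(route_tables, subnet_tables, lambda_subnets, nat_gateways):
    """Return findings; an empty list means the Lambda's egress path is sound.
    route_tables:   {table_id: {destination_cidr: target}}
    subnet_tables:  {subnet_name: table_id}
    nat_gateways:   {nat_id: subnet_name the NAT gateway is deployed in}"""
    findings = []
    for subnet in lambda_subnets:
        target = default_target(route_tables, subnet_tables[subnet])
        if target is None:
            findings.append(f"{subnet}: no default route, Lambda has no egress")
        elif target.startswith("igw-"):
            # Lambda ENIs get no public IP, so an IGW default route cannot carry their traffic.
            findings.append(f"{subnet}: default route to {target}; Lambda needs a NAT gateway")
        elif target in nat_gateways:
            nat_subnet = nat_gateways[target]
            if nat_subnet in lambda_subnets:
                findings.append(f"{target} lives in {nat_subnet}, which is also a Lambda subnet")
            nat_target = default_target(route_tables, subnet_tables[nat_subnet])
            if nat_target is None or not nat_target.startswith("igw-"):
                findings.append(f"{nat_subnet} hosts {target} but routes {DEFAULT_ROUTE} to {nat_target}, not an IGW")
        else:
            findings.append(f"{subnet}: unexpected default-route target {target}")
    return findings

# Constructed from the question: public table points at the NAT, private table at the IGW.
BEFORE = {
    "route-table-123": {"172.31.0.0/16": "local", "0.0.0.0/0": "igw-123"},
    "route-table-public": {"172.31.0.0/16": "local", "0.0.0.0/0": "nat-gateway-public"},
}
# Constructed from the answer: public table -> IGW, private table -> NAT.
AFTER = {
    "route-table-123": {"172.31.0.0/16": "local", "0.0.0.0/0": "nat-gateway-public"},
    "route-table-public": {"172.31.0.0/16": "local", "0.0.0.0/0": "igw-123"},
}
SUBNET_TABLES = {"Subnet1": "route-table-123", "Subnet2": "route-table-123",
                 "Subnet3": "route-table-123", "public-subnet": "route-table-public"}
LAMBDA_BEFORE = ["Subnet1", "Subnet2", "Subnet3", "public-subnet"]  # question's final state
LAMBDA_AFTER = ["Subnet1", "Subnet2", "Subnet3"]  # assumed: only the private subnets
NAT_GATEWAYS = {"nat-gateway-public": "public-subnet"}

if __name__ == "__main__":
    print("before:", check_lambda_egress(BEFORE, SUBNET_TABLES, LAMBDA_BEFORE, NAT_GATEWAYS))
    print("after:", check_lambda_egress(AFTER, SUBNET_TABLES, LAMBDA_AFTER, NAT_GATEWAYS) or "OK")
```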