{"id":3591,"date":"2020-02-12T16:39:33","date_gmt":"2020-02-12T08:39:33","guid":{"rendered":"https:\/\/www.ookangzheng.com\/?p=3591"},"modified":"2020-05-24T15:58:03","modified_gmt":"2020-05-24T07:58:03","slug":"allowing-aws-lambda-reaching-internet-via-nat-and-vpc","status":"publish","type":"post","link":"https:\/\/www.ookangzheng.com\/allowing-aws-lambda-reaching-internet-via-nat-and-vpc\/","title":{"rendered":"Allowing AWS Lambda to reach the Internet via NAT and VPC"},"content":{"rendered":"\n

Dev environment<\/h3>\n\n\n\n
  1. Serverless framework<\/li>
  2. Nodejs 12.x LTS<\/li><\/ol>\n\n\n\n

    Github repo: https:\/\/github.com\/ookangzheng\/aws-lambda-with-nat-vpc-example<\/a><\/p>\n\n\n\n

    handler.js<\/h3>\n\n\n\n
    \/\/ handler.js\n\/\/ node12.x version\n\nmodule.exports.hello = async event => {\n  \n  const fetch = require('node-fetch')\n  const os = require( 'os' );\n\n  let networkInterfaces = os.networkInterfaces( ); \n  console.log( networkInterfaces );\n  console.log('Fetch start')\n  let a = await fetch('http:\/\/www.e-try.com\/black.htm')\n  console.log(`${JSON.stringify(a) + a.status } log out RESPONSE `)\n  console.log('Fetch end')\n  return {}\n};\n\n<\/code><\/pre>\n\n\n\n

    Serverless configuration<\/h3>\n\n\n\n
    # serverless.yml\n \nservice: testlambdanatvpc\nprovider:\n  name: aws\n  runtime: nodejs12.x\n  stage: dev \n  region: us-east-2\n  vpc:\n      securityGroupIds:\n        - \"Fn::GetAtt\": ServerlessSecurityGroup.GroupId\n      subnetIds:\n        # Lambda network interfaces get no public IP, so the function goes in the\n        # private subnet, whose default route points at the NAT gateway.\n        - Ref: ServerlessPrivateSubnetA\n\n\nfunctions:\n  hello:\n    handler: handler.hello\n  \nresources:\n  Resources:\n    ServerlessVPC:\n      Type: AWS::EC2::VPC\n      Properties:\n        CidrBlock: \"10.0.0.0\/16\"\n    ElasticIpLambda:\n      Type: AWS::EC2::EIP\n      Properties:\n        Domain: vpc\n    InternetGatewayLambda:\n      Type: AWS::EC2::InternetGateway\n    VPCGatewayAttachmentLambda:\n      Type: AWS::EC2::VPCGatewayAttachment\n      Properties:\n        VpcId:\n          Ref: ServerlessVPC\n        InternetGatewayId:\n          Ref: InternetGatewayLambda\n    # The NAT gateway lives in the public subnet and uses the Elastic IP.\n    NatGatewayLambda:\n      Type: AWS::EC2::NatGateway\n      Properties:\n        AllocationId:\n          Fn::GetAtt:\n            - ElasticIpLambda\n            - AllocationId\n        SubnetId:\n          Ref: ServerlessPublicSubnetA\n    ServerlessPrivateSubnetA:\n      DependsOn: ServerlessVPC\n      Type: AWS::EC2::Subnet\n      Properties:\n        VpcId:\n          Ref: ServerlessVPC\n        AvailabilityZone: ${self:provider.region}a\n        CidrBlock: \"10.0.3.0\/24\"\n    ServerlessPublicSubnetA:\n      DependsOn: ServerlessVPC\n      Type: AWS::EC2::Subnet\n      Properties:\n        VpcId:\n          Ref: ServerlessVPC\n        AvailabilityZone: ${self:provider.region}a\n        CidrBlock: \"10.0.2.0\/24\"\n    DefaultPrivateRouteTable:\n      Type: AWS::EC2::RouteTable\n      Properties:\n        VpcId:\n          Ref: ServerlessVPC\n    DefaultPublicRouteTable:\n      Type: AWS::EC2::RouteTable\n      Properties:\n        VpcId:\n          Ref: ServerlessVPC\n    # Public subnet: default route to the internet gateway.\n    DefaultPublicRoute:\n      Type: AWS::EC2::Route\n      Properties:\n        RouteTableId:\n          Ref: DefaultPublicRouteTable\n        DestinationCidrBlock: 0.0.0.0\/0\n        GatewayId:\n          Ref: InternetGatewayLambda\n    # Private subnet: default route to the NAT gateway.\n    DefaultPrivateRoute:\n      Type: AWS::EC2::Route\n      Properties:\n        RouteTableId:\n          Ref: DefaultPrivateRouteTable\n        DestinationCidrBlock: 0.0.0.0\/0\n        NatGatewayId:\n          Ref: NatGatewayLambda\n    SubnetRouteTableAssociationLambdaPrivateA:\n      Type: AWS::EC2::SubnetRouteTableAssociation\n      Properties:\n        SubnetId:\n          Ref: ServerlessPrivateSubnetA\n        RouteTableId:\n          Ref: DefaultPrivateRouteTable\n    SubnetRouteTableAssociationLambdaPublicA:\n      Type: AWS::EC2::SubnetRouteTableAssociation\n      Properties:\n        SubnetId:\n          Ref: ServerlessPublicSubnetA\n        RouteTableId:\n          Ref: DefaultPublicRouteTable\n    ServerlessSecurityGroup:\n      DependsOn: ServerlessVPC\n      Type: AWS::EC2::SecurityGroup\n      Properties:\n        GroupDescription: SecurityGroup for Serverless Functions\n        VpcId:\n          Ref: ServerlessVPC<\/code><\/pre>\n\n\n\n

    Source<\/p>\n\n\n\n

    1. https:\/\/aws.amazon.com\/premiumsupport\/knowledge-center\/internet-access-lambda-function\/<\/li>
    2. https:\/\/serverless.com\/framework\/docs\/providers\/aws\/guide\/functions\/<\/li><\/ol>\n","protected":false},"excerpt":{"rendered":"

      This example shows how to route AWS Lambda to the internet through a VPC and NAT<\/p>\n","protected":false},"author":1,"featured_media":3599,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[93,32],"tags":[],"class_list":["post-3591","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aws","category-technology"],"_links":{"self":[{"href":"https:\/\/www.ookangzheng.com\/wp-json\/wp\/v2\/posts\/3591","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ookangzheng.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ookangzheng.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ookangzheng.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ookangzheng.com\/wp-json\/wp\/v2\/comments?post=3591"}],"version-history":[{"count":0,"href":"https:\/\/www.ookangzheng.com\/wp-json\/wp\/v2\/posts\/3591\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ookangzheng.com\/wp-json\/wp\/v2\/media\/3599"}],"wp:attachment":[{"href":"https:\/\/www.ookangzheng.com\/wp-json\/wp\/v2\/media?parent=3591"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ookangzheng.com\/wp-json\/wp\/v2\/categories?post=3591"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ookangzheng.com\/wp-json\/wp\/v2\/tags?post=3591"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}