Enabling Lambda VPC Internet Access
Overview
Domain expertise for enabling internet access from AWS Lambda functions running inside VPC private subnets. Lambda functions in a VPC cannot receive public IP addresses, so outbound internet access requires NAT Gateway infrastructure that routes traffic from private subnets through a public subnet to an Internet Gateway.
Enable internet access for a VPC Lambda function
To set up NAT Gateway infrastructure and configure routing for a Lambda function that needs internet access, follow the procedure exactly. See Lambda VPC internet access setup procedure.
Troubleshooting
NAT Gateway not working
Verify the route table associated with the Lambda subnets has a 0.0.0.0/0 route pointing to the NAT Gateway. See the full procedure for details.
Lambda function timeout
Check that security group outbound rules allow the necessary ports and that both the NAT Gateway and Internet Gateway are properly configured.
Network changes not taking effect
VPC networking changes can take 1–2 minutes to propagate. Wait before testing after creating a NAT Gateway or updating route tables.
Route table association issues
Confirm the Lambda function's subnets are associated with the route table that has the 0.0.0.0/0 route to the NAT Gateway.
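The setup procedure this page refers to is not reproduced here, so as an added example (not code from the aws/agent-toolkit-for-aws skill) the following Python checker encodes what a correct NAT Gateway path looks like and the four troubleshooting checks above. It walks dicts shaped like the EC2 DescribeRouteTables, DescribeNatGateways and DescribeSecurityGroups responses and reports, per Lambda subnet, why traffic would not reach the internet. All VPC, subnet, gateway and security group IDs below are constructed sample values, not from a real account; in practice you would feed it the output of the corresponding API calls.

```python
# Added example: verify the routing a VPC Lambda needs for internet access.
# Input dicts follow the EC2 DescribeRouteTables / DescribeNatGateways /
# DescribeSecurityGroups response shapes. All IDs below are constructed.
from typing import Dict, List, Optional

DEFAULT_ROUTE = "0.0.0.0/0"


def route_table_for_subnet(route_tables: List[Dict], subnet_id: str, vpc_id: str) -> Optional[Dict]:
    """Explicit subnet association wins; otherwise fall back to the VPC's main table."""
    main = None
    for rt in route_tables:
        if rt.get("VpcId") != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route_target(rt: Dict) -> Optional[str]:
    """Target id (igw-/nat-/other) of the active 0.0.0.0/0 route, or None."""
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") == DEFAULT_ROUTE and route.get("State", "active") == "active":
            return route.get("NatGatewayId") or route.get("GatewayId") or route.get("NetworkInterfaceId")
    return None


def check_lambda_internet_path(vpc_id: str, lambda_subnet_ids: List[str], lambda_sg_ids: List[str],
                               route_tables: List[Dict], nat_gateways: List[Dict],
                               security_groups: List[Dict]) -> List[str]:
    """Return findings explaining a broken path; an empty list means the path looks correct."""
    findings: List[str] = []
    nat_by_id = {n["NatGatewayId"]: n for n in nat_gateways}

    for subnet_id in lambda_subnet_ids:
        rt = route_table_for_subnet(route_tables, subnet_id, vpc_id)
        if rt is None:
            findings.append(f"{subnet_id}: no route table (explicit or main) found in {vpc_id}")
            continue
        rt_id = rt["RouteTableId"]
        target = default_route_target(rt)
        if target is None:
            findings.append(f"{subnet_id}: route table {rt_id} has no active {DEFAULT_ROUTE} route")
            continue
        if target.startswith("igw-"):
            # Lambda ENIs never get a public IP, so a direct IGW route cannot carry their traffic.
            findings.append(f"{subnet_id}: {rt_id} sends {DEFAULT_ROUTE} straight to {target}; "
                            "Lambda needs a NAT Gateway, not an Internet Gateway")
            continue
        if not target.startswith("nat-"):
            findings.append(f"{subnet_id}: {rt_id} sends {DEFAULT_ROUTE} to {target}, which is not a NAT Gateway")
            continue
        nat = nat_by_id.get(target)
        if nat is None or nat.get("State") != "available":
            findings.append(f"{subnet_id}: NAT Gateway {target} is missing or not 'available' "
                            "(a newly created gateway takes a minute or two)")
            continue
        # The NAT Gateway must sit in a public subnet: its own route table must reach an IGW.
        nat_rt = route_table_for_subnet(route_tables, nat["SubnetId"], vpc_id)
        nat_target = default_route_target(nat_rt) if nat_rt else None
        if not (nat_target and nat_target.startswith("igw-")):
            findings.append(f"{subnet_id}: NAT Gateway {target} is in {nat['SubnetId']}, whose "
                            f"{DEFAULT_ROUTE} route does not go to an Internet Gateway")
        if nat.get("ConnectivityType", "public") == "public" and \
                not any(a.get("PublicIp") for a in nat.get("NatGatewayAddresses", [])):
            findings.append(f"{subnet_id}: public NAT Gateway {target} has no Elastic IP attached")

    for sg in security_groups:
        if sg["GroupId"] in lambda_sg_ids and not sg.get("IpPermissionsEgress"):
            findings.append(f"{sg['GroupId']}: security group has no outbound rules")
    return findings


# Constructed sample: a public subnet hosting the NAT Gateway, one private subnet
# wired correctly, and a second private subnet left on the VPC main route table.
VPC_ID = "vpc-0example"
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": VPC_ID, "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public", "VpcId": VPC_ID, "Associations": [{"SubnetId": "subnet-public-a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT_ROUTE, "GatewayId": "igw-0example", "State": "active"}]},
    {"RouteTableId": "rtb-private", "VpcId": VPC_ID, "Associations": [{"SubnetId": "subnet-private-a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": "nat-0example", "State": "active"}]},
]
SAMPLE_NAT_GATEWAYS = [{"NatGatewayId": "nat-0example", "SubnetId": "subnet-public-a", "State": "available",
                        "ConnectivityType": "public", "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]}]
SAMPLE_SECURITY_GROUPS = [{"GroupId": "sg-lambda",
                           "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": DEFAULT_ROUTE}]}]}]


def run_samples() -> Dict[str, List[str]]:
    """Run the checker over the three sample subnets and return findings keyed by subnet."""
    return {s: check_lambda_internet_path(VPC_ID, [s], ["sg-lambda"], SAMPLE_ROUTE_TABLES,
                                          SAMPLE_NAT_GATEWAYS, SAMPLE_SECURITY_GROUPS)
            for s in ("subnet-private-a", "subnet-private-b", "subnet-public-a")}


if __name__ == "__main__":
    for subnet, result in run_samples().items():
        print(subnet, "->", result or "OK")
```

The "subnet-private-b" case reproduces the route table association problem from the troubleshooting list: the subnet was never associated with the private route table, so it silently inherits the VPC main table, which has no 0.0.0.0/0 route. The "subnet-public-a" case shows the other common mistake, placing the function in a public subnet whose default route goes to the Internet Gateway, which cannot carry traffic from an ENI without a public IP.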