AWS Lambda with Static IP Address

Balkaran Brar
Oct 8, 2019 · 4 min read

AWS Lambda is a serverless computing platform widely used to build serverless and event-driven architectures on AWS. By default, a Lambda function runs in a system-managed VPC. However, you can run Lambda inside your own VPC, in a private subnet, so that it reaches your resources over the private network.
A classic use case arises when you host your APIs using API Gateway and Lambda. If you're in the banking/financial domain, most target systems need your IP to be whitelisted. But how can you whitelist the IP address of a Lambda when we cannot assign an Elastic IP to a Lambda function? Here is a solution that not only sends requests originating from Lambda from a static IP but also interacts with other resources without going over the internet.
Let’s explore how it can be implemented.

Let’s create a new VPC for this demonstration. You can use an existing VPC and follow the rest of the applicable steps.

Now add public and private subnets.

Create an Internet Gateway and attach it to the VPC.

Create a NAT Gateway and map an Elastic IP address to it.

Create one route table each for the public and private subnets. Edit the route table for the public subnet and add a default route of 0.0.0.0/0 through the Internet Gateway. Similarly, edit the route table for the private subnet and add a default route of 0.0.0.0/0 through the NAT Gateway.

Let’s create a new security group for the Lambda function. This security group will have NO inbound rules, and all outbound traffic will be allowed, which is also the default for security groups.

All the above steps are related to VPC configuration. Now let’s create a new Lambda function and configure its VPC settings as per the configuration done above.

As you might have noticed, I’ve configured the VPC, private subnet and security group created above. Now the Lambda function will run in my VPC instead of the default system VPC. Since we have mapped a NAT gateway to the private subnet, any request from this Lambda function will go through the NAT gateway, which has an Elastic IP configured. Now the target systems can whitelist the Elastic IP address.

To test this out, let’s make a simple call to google.com and get the response code. A response code of 200 confirms that our Lambda function is able to make calls external to our VPC.
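
A 200 from google.com confirms outbound access but not the wiring that makes the source address static. The following check is an added example, not code from the original post: it walks route tables and NAT gateways in the shape returned by boto3's `describe_route_tables` and `describe_nat_gateways` and returns the Elastic IP that traffic from a Lambda subnet will leave with. All IDs and the address 203.0.113.10 are constructed placeholders.

```python
# Added example: sample data is constructed, shaped like boto3 EC2
# describe_route_tables / describe_nat_gateways responses.

def default_route(subnet_id, route_tables):
    """Return the active 0.0.0.0/0 route that applies to subnet_id, or None."""
    explicit = [rt for rt in route_tables
                if any(a.get("SubnetId") == subnet_id for a in rt.get("Associations", []))]
    main = [rt for rt in route_tables
            if any(a.get("Main") for a in rt.get("Associations", []))]
    for rt in explicit or main:  # an explicit association wins over the main table
        for r in rt.get("Routes", []):
            if r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("State") == "active":
                return r
    return None


def static_egress_ip(lambda_subnet, route_tables, nat_gateways):
    """Return the Elastic IP that Lambda traffic from lambda_subnet leaves with.

    Raises ValueError when the subnet is not wired as the article describes.
    """
    route = default_route(lambda_subnet, route_tables)
    if route is None or not route.get("NatGatewayId"):
        raise ValueError(f"{lambda_subnet}: default route does not target a NAT gateway")
    nat = next((n for n in nat_gateways if n["NatGatewayId"] == route["NatGatewayId"]), None)
    if nat is None or nat.get("State") != "available":
        raise ValueError(f"{route['NatGatewayId']}: NAT gateway missing or not available")
    # The NAT gateway itself must sit in a subnet whose default route is the IGW.
    nat_route = default_route(nat["SubnetId"], route_tables)
    if nat_route is None or not nat_route.get("GatewayId", "").startswith("igw-"):
        raise ValueError(f"{nat['SubnetId']}: NAT gateway is not in a public subnet")
    return nat["NatGatewayAddresses"][0]["PublicIp"]


# Constructed sample: public subnet -> Internet Gateway, private subnet -> NAT gateway.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-example", "SubnetId": "subnet-public", "State": "available",
                 "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]}]

if __name__ == "__main__":
    print(static_egress_ip("subnet-private", ROUTE_TABLES, NAT_GATEWAYS))
```

Against a real account, pass in the `RouteTables` and `NatGateways` lists from the corresponding boto3 EC2 calls filtered to your VPC.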

I hope it will be helpful. As I mentioned earlier, this is a very common use case and the fix is super easy.
As always, Happy Learning!
