Sometimes we need to send data to a third party that only accepts traffic from a whitelisted IP address. By default, a Lambda function may use a different IP address each time it runs, which does not work with such a whitelist. However, Lambda supports running our code inside a VPC. This allows us to configure Lambda to run inside a private subnet that is connected to a NAT instance with a fixed IP, so that all outgoing connections use this fixed IP.

In this tutorial, we are going to set up a Lambda function that always runs with a static IP. First, we will allocate an Elastic IP address. Go to VPC -> Elastic IPs and then allocate a new IP address.

Take note of this IP address as this will be the outgoing IP of our Lambda Function.

Now open up the VPC Dashboard and select the Start VPC Wizard.

Choose `VPC with Public and Private Subnets`.

On the next page, choose a name for the VPC and add the Elastic IP that we created in the previous step.

Now we will check and confirm everything we need is present. First, we will check our VPC itself.

There will be an Internet Gateway.

There will also be a NAT instance with our Elastic IP and our public subnet attached to it.

Now go to Subnets. There will be a public subnet.

And a private subnet.

Now go to route tables. There will be a public route which routes 0.0.0.0/0 to our Internet Gateway.

There will also be a private route table which routes 0.0.0.0/0 to our NAT instance.
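The route-table checks above can also be scripted before the function is attached to a subnet. The following is an added example, not code from the original tutorial: it classifies where each subnet's default route points, using constructed data shaped like `aws ec2 describe-route-tables` output. All IDs and the helper names `default_route_kind` and `egress_for_subnet` are hypothetical.

```python
# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# All IDs are made-up placeholders; the private subnet using the main
# route table is an assumption of this sample.
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-public-example",
     "Associations": [{"SubnetId": "subnet-public-example", "Main": False}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example",
          "State": "active"}]},
    {"RouteTableId": "rtb-private-example",
     "Associations": [{"Main": True}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
         {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-nat-example",
          "State": "active"}]},
]}

def default_route_kind(table):
    """Classify a route table's 0.0.0.0/0 route: igw, nat, blackhole or none."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") == "blackhole":  # target was deleted or stopped
            return "blackhole"
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
        if route.get("NatGatewayId") or route.get("InstanceId"):
            return "nat"
    return "none"

def egress_for_subnet(data, subnet_id):
    """Use the subnet's explicit route table, else the VPC's main table."""
    main = None
    for table in data["RouteTables"]:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return default_route_kind(table)
            if assoc.get("Main"):
                main = table
    return default_route_kind(main) if main is not None else "none"

if __name__ == "__main__":
    for subnet in ("subnet-public-example", "subnet-private-example"):
        print(subnet, "->", egress_for_subnet(SAMPLE, subnet))
```

The subnet chosen for the Lambda function should report `nat`; `igw`, `blackhole` or `none` means its traffic will not leave through the Elastic IP.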

Now that the VPC is set up and configured properly, go to the Lambda service and create a blank Lambda function to test.

For testing, we will use a simple Python function that sends traffic to a website. Example code is given below.

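```python
import pycurl

def lambda_handler(event, context):
    # Send one HTTP request so the target site's access log records our outgoing IP.
    c = pycurl.Curl()
    c.setopt(c.URL, 'http://mytestingdomain.example')
    c.perform()
    c.close()  # release the curl handle
```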

In the Advanced Settings of Lambda, set the VPC to our previously created VPC, set the subnet to our private subnet and use the default security group.

Now, we will run the Lambda function and then check the website's access log.

The access log shows that the traffic is coming from the Elastic IP. When sending traffic to third parties, they can whitelist this Elastic IP address so that our Lambda function works without any issue.
