Assign a static IP to an #AWS #lambda function

To give a Lambda function a static IP address for outbound requests, we need to deploy the function in a private subnet of a VPC whose outbound traffic goes through a NAT gateway. Because the NAT gateway is associated with an Elastic IP address (EIP), all outbound traffic from the Lambda function is routed via this EIP.

Creating VPC: A VPC (virtual private cloud) consists of the components below.

  1. CIDR block – The range of IP addresses that your VPC can have. It is defined like 10.0.0.0/16.

 For more information on CIDR, please refer to this link: https://www.ionos.com/digitalguide/server/know-how/cidr-classless-inter-domain-routing/

  2. Subnets – A subnet, or subnetwork, is a segmented piece of a larger network. More specifically, subnets are a logical partition of an IP network into multiple, smaller network segments.

In this solution we have divided our VPC into one public subnet and one private subnet. Based on your requirements, you can create multiple public and private subnets in your VPC.

  3. Route Tables: Each subnet is associated with a route table, which defines the routes for inbound and outbound traffic in that subnet.
  4. Internet Gateway: Public subnets are the ones that are accessible from the Internet. To have connectivity from the Internet, each public subnet is attached to an Internet Gateway.
  5. NAT Gateway: Private subnets are the ones that are not accessible from the Internet. We keep secure servers such as databases and application servers in a private subnet, because they do not need to be directly exposed to the Internet. These servers still need to send outbound requests to the Internet in some scenarios, such as downloading the latest OS or security patches. To allow a private subnet to send outbound traffic, we need to attach a NAT gateway to the private subnet. This NAT gateway needs to be created in a public subnet.

Steps to create VPC:

To calculate the CIDR for your VPC and subnets, you can use this site: https://mxtoolbox.com/subnetcalculator.aspx


This will create a VPC with CIDR range 20.0.0.0/16 and one public subnet with CIDR 20.0.1.0/24.


Once your VPC is created with a public subnet, you will see that two route tables have been created automatically. One is the default route table and the other is attached to your public subnet. You can see which subnet is associated with each route table in its details.


Now give your route tables proper names so that you can easily identify them.

If you click on your public route table and open Routes, you will see a route from 0.0.0.0/0 to the internet gateway. This internet gateway was created automatically while creating the VPC.

If this internet gateway was not created, you can create it from the console and attach it to the route table with the same configuration as below.


Now that your VPC and a public subnet are created, we will create a private subnet.

Go to Subnets -> Create subnet -> enter details.


Now your two subnets are available as below:


Now we need to create a NAT Gateway and attach it to our private subnet. We must have an Elastic IP created in our account to create a NAT Gateway.

Important Note: The NAT Gateway should always be created in a public subnet so that it has access to the Internet.


Once your NAT gateway is created, you need to attach it to your private subnet by adding a route in your private route table.


Click on Edit routes and add a route from 0.0.0.0/0 to your NAT Gateway and save.


Once your route is created, associate your private subnet with this route table.

Go to Subnet Associations -> Edit subnet associations -> select your subnet.


Now your VPC is ready with one public subnet and one private subnet.

Create a Lambda execution role for your VPC:

Now you need to create an IAM role that allows your Lambda to execute in your VPC.

Go to IAM Roles -> Create new role ->

For Select type of trusted entity, confirm that AWS service is selected.
For Choose a use case, choose Lambda.


Choose Next: Permissions.

Under Attach permissions policies, search for AWSLambdaVPCAccessExecutionRole. Select the policy with that name. If your Lambda needs any other permissions, select them and add them to your role.


Move your Lambda to the VPC private subnet:

Change the Lambda execution role to the newly created role.


Click Edit


Now go to the VPC section of Lambda and edit to point to your VPC and private subnet.


All done. Your Lambda will now send outbound requests from the EIP of your NAT Gateway.
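One way to check the finished setup, as an added example that is not part of the original post: the script walks the same path the steps above build (Lambda subnet, default route, NAT gateway, public subnet, internet gateway) and returns the Elastic IP each Lambda subnet egresses from, failing loudly when the function sits in a subnet that does not route through a NAT gateway. The function names, resource IDs and the address 203.0.113.10 are constructed for illustration; the dictionary keys follow the shape of boto3's `describe_route_tables` and `describe_nat_gateways` responses.

```python
# Added example: constructed sample data shaped like boto3 EC2 responses.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-example", "SubnetId": "subnet-public",
                 "State": "available",
                 "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]}]


def default_route(subnet_id, route_tables):
    """Return the active 0.0.0.0/0 route that applies to subnet_id, or None."""
    explicit = main = None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                explicit = table
            elif assoc.get("Main"):
                main = table
    table = explicit or main  # a subnet with no explicit association uses the main table
    for route in (table or {}).get("Routes", []):
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and route.get("State", "active") == "active"):
            return route
    return None


def egress_ips(lambda_subnets, route_tables, nat_gateways):
    """Map each Lambda subnet to the Elastic IP it egresses from; raise if the path is broken."""
    nats = {nat["NatGatewayId"]: nat for nat in nat_gateways}
    result = {}
    for subnet in lambda_subnets:
        route = default_route(subnet, route_tables)
        if route is None or "NatGatewayId" not in route:
            raise ValueError(f"{subnet}: default route does not target a NAT gateway")
        nat = nats.get(route["NatGatewayId"])
        if nat is None or nat.get("State") != "available":
            raise ValueError(f"{subnet}: NAT gateway missing or not available")
        nat_route = default_route(nat["SubnetId"], route_tables)
        if nat_route is None or not nat_route.get("GatewayId", "").startswith("igw-"):
            raise ValueError(f"{nat['NatGatewayId']}: its subnet has no internet gateway route")
        result[subnet] = nat["NatGatewayAddresses"][0]["PublicIp"]
    return result


if __name__ == "__main__":
    print(egress_ips(["subnet-private"], ROUTE_TABLES, NAT_GATEWAYS))
```

Against a real account, feed it `describe_route_tables()["RouteTables"]`, `describe_nat_gateways()["NatGateways"]` and the `VpcConfig["SubnetIds"]` list from the Lambda client's `get_function_configuration()`. Every subnet configured on the function should map to an EIP you expect to see in downstream allowlists.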
