From my understanding, I can run AWS Lambda outside a VPC, as well as the RDS, and have that set to publicly accessible. That would be the perfect solution for me because my lambda functions need internet access, and a NAT Gateway, which would allow that when inside a VPC, is way too expensive. In which cases is it safe to go for that option? When is it a bad idea to have an RDS outside a VPC? What are the risks?
- You ask good questions, but more than one in the same one; so I'm having a hard time focusing on one; but I'll try: You can try using a NAT instance instead of a gateway, generally they are cheaper. For no-VPC RDS instances, is it still possible?: stackoverflow.com/a/34212058/4636715 – vahdet, Mar 18, 2019 at 7:30
- Thank you @vahdet. I understand we can set the RDS to be publicly accessible, although I wonder about the dangers that come with doing that. – Rony Azrak, Mar 18, 2019 at 15:25
- Enabling the publicly accessible flag should not be considered to be ok, imho: I always match databases with private subnets in my mind. Yet, at least, you should restrict IPs by making use of a security group. For a larger discussion on a similar topic, see: security.stackexchange.com/questions/6991/… – vahdet, Mar 18, 2019 at 19:59
1 Answer
It is a VERY bad idea to expose your SQL server to the public internet. This is a very large security risk and you could eventually lose your data.
If a NAT gateway is too expensive, you could break the project into 2 lambda functions. Have one lambda function attached to the VPC access the DB. This lambda can then invoke a second lambda function outside of the VPC, execute code, and return the results.
A NAT gateway is still the best solution.
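The exposure the answer warns about, an RDS instance flagged publicly accessible whose security group admits the whole internet on the database port (the comments suggest restricting source IPs with a security group as the minimum), can be checked mechanically. This is an added example, not code from the question or the answer: it assumes input dicts shaped like boto3's describe_db_instances and describe_security_groups responses and runs on constructed sample data.

```python
# Added example, not code from the question or the answer: an audit helper that
# flags the configuration discussed here, an RDS instance with PubliclyAccessible
# set whose security group admits the whole internet on the database port. Dict
# shapes mirror boto3's describe_db_instances / describe_security_groups output.
WORLD_CIDRS = ("0.0.0.0/0", "::/0")

def _rule_covers_port(rule, port):
    """True if an IpPermissions entry admits TCP traffic to `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # all protocols and ports
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def _world_sources(rule):
    """CIDRs in the rule that mean 'anyone on the internet'."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD_CIDRS]

def assess_rds_exposure(db, groups_by_id):
    """Return findings for one DBInstances element; [] means no world exposure."""
    findings = []
    if not db.get("PubliclyAccessible"):
        return findings  # no public address: ingress rules are unreachable from the internet
    port = db["Endpoint"]["Port"]
    for ref in db.get("VpcSecurityGroups", []):
        sg = groups_by_id.get(ref["VpcSecurityGroupId"], {})
        for rule in sg.get("IpPermissions", []):
            if not _rule_covers_port(rule, port):
                continue
            for cidr in _world_sources(rule):
                findings.append(f"{db['DBInstanceIdentifier']}: PubliclyAccessible and "
                                f"{sg.get('GroupId')} allows {cidr} to port {port}")
    return findings

# Constructed sample data (not a real account): one world-open group and one
# restricted to a single /32, the mitigation the comment thread suggests.
SAMPLE_DB = {"DBInstanceIdentifier": "example-db", "PubliclyAccessible": True,
             "Endpoint": {"Port": 5432},
             "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-open"}]}
SAMPLE_GROUPS = {
    "sg-open": {"GroupId": "sg-open", "IpPermissions": [{"IpProtocol": "tcp",
        "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    "sg-locked": {"GroupId": "sg-locked", "IpPermissions": [{"IpProtocol": "tcp",
        "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]},
}
```

Swapping SAMPLE_DB's group for "sg-locked" or clearing PubliclyAccessible yields no findings, which is the state the answer and comments argue for.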