I'm creating a VPC in AWS, and plan to add DynamoDB and Lambda to access Dynamo. If DynamoDB is in a private subnet, what else do I need for Lambda to connect to Dynamo? If Lambda is invoked by API Gateway, can Lambda and DynamoDB be under the same private subnet?
- DynamoDB can't be in a private subnet; in fact, it's not in any subnet. – Marcin, Jun 23, 2021 at 2:27
- @Marcin - you mention DynamoDB can't be within a private subnet. I have been learning/going through AWS documentation. So can Dynamo never be/does it not need to be inside a VPC? Can you point me towards any similar example or suggest something for an API Gateway, Lambda, DynamoDB, VPC setup? – kyagu, Jun 28, 2021 at 18:39
1 Answer
DynamoDB is not located in your VPC. If you want to access DynamoDB via the private network from Lambda, you can use the DynamoDB VPC Gateway endpoint. A route will be added to your subnet route table, and all traffic to DynamoDB will route through the AWS internal network.
Things to set up:
- Private subnet
- DynamoDB VPC endpoint (Gateway type; use Interface type (costs $) if you want to connect via private IP)
- VPC Lambda
- If you want the API Gateway to also be private, set up a private API Gateway and an API Gateway VPC endpoint
2 Comments
kyagu
@ronal8192 - thanks, this is helpful. Just so that I understand, you mentioned "DynamoDB is not located in VPC". Doesn't DynamoDB need to be in a private subnet, within the VPC, where only Lambda can access it? And maybe API Gateway is in a public subnet with access to the internet, so only API Gateway is exposed to the outside world. There are better solutions of course, but my understanding was along these lines from a security perspective.
theberzi
Without instructions on how, this answer is not complete. There are dozens of posts about this all over the internet but they at times contradict each other and nothing has worked for me thus far, so having one comprehensive answer that goes from 0 to a working setup would be helpful.
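The first three items of the answer's list (private subnet, DynamoDB Gateway endpoint, VPC Lambda) written out as a CloudFormation template. This is an added example, not part of the original answer; the CIDR ranges, logical names, placeholder handler and the `TableArn` parameter (the ARN of an existing table) are assumptions.

```yaml
Parameters:                     # added example; names and CIDRs are assumptions
  TableArn: {Type: String}      # ARN of an existing DynamoDB table
Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties: {CidrBlock: 10.0.0.0/16, EnableDnsSupport: true}
  PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties: {VpcId: !Ref Vpc, CidrBlock: 10.0.1.0/24}
  PrivateRouteTable:            # only the local route; no internet gateway or NAT
    Type: AWS::EC2::RouteTable
    Properties: {VpcId: !Ref Vpc}
  PrivateAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: {SubnetId: !Ref PrivateSubnet, RouteTableId: !Ref PrivateRouteTable}
  DynamoDbEndpoint:             # Gateway type: adds a DynamoDB route to the route table above
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref Vpc
      VpcEndpointType: Gateway
      ServiceName: !Sub "com.amazonaws.${AWS::Region}.dynamodb"
      RouteTableIds: [!Ref PrivateRouteTable]
      PolicyDocument:           # the endpoint carries only these calls to this table
        Version: "2012-10-17"
        Statement: [{Effect: Allow, Principal: "*", Action: ["dynamodb:GetItem", "dynamodb:PutItem"], Resource: !Ref TableArn}]
  LambdaSecurityGroup:          # HTTPS out; the route table limits where it can go
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Lambda egress to DynamoDB over HTTPS
      VpcId: !Ref Vpc
      SecurityGroupEgress: [{IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0}]
  LambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument: {Version: "2012-10-17", Statement: [{Effect: Allow, Principal: {Service: lambda.amazonaws.com}, Action: "sts:AssumeRole"}]}
      ManagedPolicyArns: ["arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"]
      Policies:
        - PolicyName: table-access
          PolicyDocument:
            Version: "2012-10-17"
            Statement: [{Effect: Allow, Action: ["dynamodb:GetItem", "dynamodb:PutItem"], Resource: !Ref TableArn}]
  Function:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: python3.12
      Handler: index.handler
      Role: !GetAtt LambdaRole.Arn
      VpcConfig: {SubnetIds: [!Ref PrivateSubnet], SecurityGroupIds: [!Ref LambdaSecurityGroup]}
      Code: {ZipFile: "def handler(event, context):\n    return {'statusCode': 200}\n"}  # placeholder
```

The table itself appears only as an ARN because it is a regional service outside the VPC; access is limited by the endpoint policy and the role policy rather than by subnet placement.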