Security Group update to allow AWS Lambda function that is not attached to any VPC


There are two applications. One application is developed with AWS Lambda (present in Account A) and the other application is deployed on ECS Fargate (present in Account B) in AWS.

The first application (AWS Lambda) consumes an API from the second application (ECS Fargate). I need to allow the AWS Lambda function to access the ECS application (which is behind an Application Load Balancer) through an inbound rule in the security group.

The problem is that the AWS Lambda function is not attached to any VPC, and both applications are running in separate AWS accounts. How can this be solved?

Note: It is an internal application not internet facing.


Note: It's an internal application, not internet facing.

If your ECS application's load balancer scheme is set to internal instead of public, then an AWS Lambda function that is not assigned to a VPC would never be able to access it. You are asking about security group rules, but there is no security group rule that will give something on the Internet access to a resource that is not exposed to the Internet.

Your only option to make this work is to move the Lambda function into a VPC, and establish VPC peering between the two VPCs.
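What the answer's approach looks like end to end, as an added Terraform example that is not part of the original question or answer. Every account ID, VPC, subnet, route table and security group ID, CIDR, profile name and port below is an assumed placeholder. It goes one step beyond the answer in one respect: the ALB's inbound rule references the Lambda function's security group (in the `account-id/sg-id` form the AWS provider uses for cross-account references) rather than a CIDR range. AWS allows that across accounts when the two VPCs are peered in the same region, so the rule follows the function's network interfaces instead of a whole subnet range.

```hcl
# Added example: Lambda in Account A reaching an internal ALB in Account B
# over VPC peering. All IDs, CIDRs and account numbers are placeholders.

provider "aws" {
  alias   = "lambda_acct" # Account A: owns the Lambda function
  region  = "eu-west-1"
  profile = "account-a"   # assumed CLI profile
}

provider "aws" {
  alias   = "ecs_acct"    # Account B: owns the ECS service and its internal ALB
  region  = "eu-west-1"   # same region: required for cross-account SG references
  profile = "account-b"
}

locals {
  account_a      = "111111111111"
  account_b      = "222222222222"
  vpc_a          = "vpc-0aaaaaaaaaaaaaaaa"  # VPC the Lambda is moved into
  vpc_b          = "vpc-0bbbbbbbbbbbbbbbb"  # VPC hosting the ALB and ECS tasks
  cidr_a         = "10.10.0.0/16"           # must not overlap with cidr_b
  cidr_b         = "10.20.0.0/16"
  rt_a           = "rtb-0aaaaaaaaaaaaaaaa"  # route table of the Lambda subnets
  rt_b           = "rtb-0bbbbbbbbbbbbbbbb"  # route table of the ALB subnets
  lambda_subnets = ["subnet-0aaaaaaaaaaaaaa1", "subnet-0aaaaaaaaaaaaaa2"]
  alb_sg         = "sg-0bbbbbbbbbbbbbbbb"   # existing SG attached to the internal ALB
  api_port       = 443                      # assumed ALB listener port
}

# 1. Peering: requested from Account A, accepted in Account B.
resource "aws_vpc_peering_connection" "a_to_b" {
  provider      = aws.lambda_acct
  vpc_id        = local.vpc_a
  peer_vpc_id   = local.vpc_b
  peer_owner_id = local.account_b
  auto_accept   = false # cross-account peering must be accepted by the peer
}

resource "aws_vpc_peering_connection_accepter" "b" {
  provider                  = aws.ecs_acct
  vpc_peering_connection_id = aws_vpc_peering_connection.a_to_b.id
  auto_accept               = true
}

# 2. Routes in both directions; without the return route the TCP handshake fails.
resource "aws_route" "a_to_b" {
  provider                  = aws.lambda_acct
  route_table_id            = local.rt_a
  destination_cidr_block    = local.cidr_b
  vpc_peering_connection_id = aws_vpc_peering_connection.a_to_b.id
}

resource "aws_route" "b_to_a" {
  provider                  = aws.ecs_acct
  route_table_id            = local.rt_b
  destination_cidr_block    = local.cidr_a
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.b.id
}

# 3. A dedicated SG for the function, with egress limited to the API port in VPC B.
resource "aws_security_group" "lambda" {
  provider    = aws.lambda_acct
  name        = "api-client-lambda"
  description = "Lambda that calls the ECS API in Account B"
  vpc_id      = local.vpc_a

  egress {
    description = "API traffic to the peered VPC only"
    from_port   = local.api_port
    to_port     = local.api_port
    protocol    = "tcp"
    cidr_blocks = [local.cidr_b]
  }
}

# 4. Attach the function to VPC A (its execution role, assumed to exist, needs
#    the ENI permissions from the AWSLambdaVPCAccessExecutionRole managed policy).
resource "aws_lambda_function" "client" {
  provider      = aws.lambda_acct
  function_name = "api-client"
  role          = "arn:aws:iam::${local.account_a}:role/api-client-lambda" # assumed
  handler       = "app.handler"
  runtime       = "python3.12"
  filename      = "client.zip" # assumed deployment package

  vpc_config {
    subnet_ids         = local.lambda_subnets
    security_group_ids = [aws_security_group.lambda.id]
  }
}

# 5. The inbound rule the question asks for, on the ALB's SG in Account B,
#    referencing the Lambda SG from Account A instead of a CIDR block.
resource "aws_security_group_rule" "alb_from_lambda" {
  provider                 = aws.ecs_acct
  type                     = "ingress"
  security_group_id        = local.alb_sg
  description              = "API traffic from the Lambda SG in Account A via peering"
  protocol                 = "tcp"
  from_port                = local.api_port
  to_port                  = local.api_port
  source_security_group_id = "${local.account_a}/${aws_security_group.lambda.id}"
  depends_on               = [aws_vpc_peering_connection_accepter.b]
}
```

Two practical consequences of moving the function into a VPC: it loses outbound internet access unless its subnets route through a NAT gateway, and every call it makes now needs an egress rule like the one above. The internal ALB's DNS name resolves to private addresses in VPC B, so the function can keep using the ALB hostname once the peering routes are in place; if the SG reference is rejected, check that both VPCs are in the same region, since cross-region peering does not support referencing a peer's security group.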