How do I get a Lambda function in a VPC to access Systems Manager Parameter Store?
I have an AWS Lambda function in an Amazon Virtual Private Cloud (Amazon VPC). I want to connect the function to AWS Systems Manager Parameter Store, but I can't establish the connection. Why can't my function access Parameter Store, and how do I configure the function so that it can?
Short description
Lambda functions within an Amazon VPC don't have internet access. The network interfaces that Lambda creates within an Amazon VPC have private IP addresses, and can't use an internet gateway to gain internet access. This configuration blocks the function from accessing other AWS resources outside of the Amazon VPC, such as Parameter Store.
Note: It's a best practice to not put your Lambda function in an Amazon VPC unless the function must access other resources in the VPC.
Resolution
To allow a Lambda function that's in an Amazon VPC to access Parameter Store, do one of the following:
- Give your function internet access.
- Set up an interface endpoint in your Amazon VPC that allows your function to access Systems Manager.
Note: AWS PrivateLink VPC endpoints rely on DNS. If you use AWS PrivateLink, make sure that you configure the DHCP options for your Amazon VPC so that DNS is set up for it. For more information, see Using DNS with your VPC.
Related information
Configuring a Lambda function to access resources in an Amazon VPC
Relevant content
- asked 5 years ago
- Accepted Answer
asked 3 years ago - asked 5 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 3 years ago
