Can I change my AWS Lambda's public IP on every request?

囚心锁ツ 2021-02-05 18:08

I would love to get a new public IP every time I make a request. Is it possible to purposefully trigger my IP to be reprovisioned?

2 Answers
  • 2021-02-05 18:51

    By default, a Lambda function is invoked from a private IP within one or more subnets in your VPC, according to your configuration. It is not configured with a public IP #; they are assigned private IPs.

    If the requirement is to have the Lambda function assigned a public IP number, you would need to configure a NAT Gateway or NAT instance to provide internet access, and therefore a public IP. The Lambda traffic would then be attributed to the public IP address of the NAT gateway/instance.

    An elastic IP address is assigned with a given NAT Gateway but it can't be reassigned - it is static. So a NAT Gateway would not work for your purpose.

    You would have to use a NAT instance. The Lambda function would then need to terminate/launch the NAT instance at the end of each request. This would cause EC2 to assign a new public IP for your NAT instance - assuming the subnet it launches from is configured to auto-assign IP#s on launch.

    Given that, you would have to restart the NAT instance after each request, in order for it to be assigned a new IP#. This process would allow for each request to be attributed to a new public IP# each time.

    Please note that during the NAT instance launch/termination phase, your Lambda function would not have access to the internet. You could consider queueing the Lambda function using Simple Queue Service to prevent contention to the NAT instance.

    Scaling would also become an issue, as the functions would all require the NAT instance to be available for each invocation. If uptime and availability were a concern, you would need to implement a HA solution at the NAT service level.

  • 2021-02-05 18:51

    From the AWS Lambda Developer Guide: “By default, Lambda runs your functions in a secure VPC with access to AWS services and the internet. The VPC is owned by Lambda and does not connect to your account's default VPC.” I use the NAT gateway method only when I need a static IP for whitelisting access on a firewall, for example.
