I'm not very good with networking, but here is my issue: I need to connect to a MySQL server from an AWS Lambda function, that is behind a firewall, and to 'white' my AWS lambda i n
You have a MySQL instance that is not on AWS infrastructure. You want to limit access to your on-premise MySQL instance to the IP of the Lambda function. You can only use a local firewall to secure the instance.
Since your use case requires internet access from Lambda to your MySQL instance on the public internet, you will need to configure a NAT gateway for your Lambda function to access the internet:
if your Lambda function requires Internet access..., you can configure a NAT instance inside your VPC or you can use the Amazon VPC NAT gateway. For more information, see NAT Gateways in the Amazon VPC User Guide.
Using a NAT Gateway configuration allows your Lambda requests to come from the fixed IP of the NAT Gateway. If you assign an Elastic IP address to the NAT Gateway here, you can then specify that IP/port combination on your firewall to secure access to your on-premise SQL instance.
The IP addresses in the 172.31.16.0/20 are private, non-routable addresses. Unless your MySQL server and firewall are in the same VPC, your Lambda will only be able to connect through NAT and will use the elastic IP attached to your NAT Gateway. That's the only IP address you need to whitelist.
Incidentally, for a CIDR of 172.31.16.0/20, you can expect IP addresses from 172.31.16.0 to 172.31.31.255. The 20 is the number of mask bits which gives a range of 4096 values. It maps to a netmask of 255.255.240.0.