I have a lambda function that accesses my Postgres db in RDS via VPC. After it queries the db, I want to post a notification to SNS. Because my lambda function exists in my
UPDATE
As of April 2018, SNS supports VPC Endpoints via AWS PrivateLink. So, there will be no need to set up an Internet Gateway or a NAT instance in order for a Lambda function inside your VPC to publish SNS notifications.
See this blog post for more details.
I know this is old, but here's another option that works, for those who don't want to configure a NAT. Instead of trying to have a lambda function inside the VPC that interacts with SNS, split into 2 lambda functions, as follows.
Function 1: sits inside the VPC and interacts with the database, returning the result of your database interaction (eg, a list of IDs matching some criteria).
Function 2: sits outside the VPC, invokes Function 1, then processes the array of values and publishes the appropriate SNS notifications (eg, sends a message based on each ID in the list).
Would be nice if there was a VPC endpoint for SNS, but still in late 2016 this does not seem to be the case.
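The two-function split described in this answer, written out as an added example (not code from the answerer). The function name and topic ARN are placeholders, and the two Fake* clients stand in for boto3's Lambda and SNS clients so the flow runs offline; Function 1's database query is injected for the same reason.

```python
import io
import json

FUNCTION_1_NAME = "hypothetical-vpc-db-function"  # assumed name, not from the page
TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:hypothetical-topic"  # placeholder ARN

def function_1_handler(event, context=None, query_db=None):
    """Function 1 (inside the VPC): query Postgres and return the matching IDs.
    query_db is injected so this runs without RDS; real code would run SQL here."""
    rows = query_db(event.get("criteria", {})) if query_db else []
    return {"ids": [row["id"] for row in rows]}

def function_2_handler(event, lambda_client, sns_client, context=None):
    """Function 2 (outside the VPC, so it can reach SNS): invoke Function 1
    synchronously, then publish one SNS message per returned ID.
    In a real deployment pass boto3.client("lambda") and boto3.client("sns")."""
    resp = lambda_client.invoke(FunctionName=FUNCTION_1_NAME,
                                InvocationType="RequestResponse",
                                Payload=json.dumps(event).encode())
    body = resp["Payload"].read()
    if resp.get("FunctionError"):  # Function 1 raised: fail loudly, publish nothing
        raise RuntimeError("Function 1 failed: %s" % body.decode())
    message_ids = []
    for item_id in json.loads(body)["ids"]:
        pub = sns_client.publish(TopicArn=TOPIC_ARN, Message=json.dumps({"id": item_id}))
        message_ids.append(pub["MessageId"])
    return {"published": len(message_ids), "message_ids": message_ids}

class FakeLambdaClient:  # offline stand-in for boto3's Lambda client; runs Function 1 in-process
    def __init__(self, rows, error=None):
        self.rows, self.error = rows, error
    def invoke(self, FunctionName, InvocationType, Payload):
        if self.error:  # emulate an unhandled exception inside Function 1
            return {"FunctionError": "Unhandled", "Payload": io.BytesIO(self.error.encode())}
        result = function_1_handler(json.loads(Payload), query_db=lambda c: self.rows)
        return {"StatusCode": 200, "Payload": io.BytesIO(json.dumps(result).encode())}

class FakeSnsClient:  # offline stand-in for boto3's SNS client; records publish() calls
    def __init__(self):
        self.published = []
    def publish(self, **kwargs):
        self.published.append(kwargs)
        return {"MessageId": "msg-%d" % len(self.published)}

def run_example(rows=({"id": 17}, {"id": 42}, {"id": 99}), error=None):
    """Drive the flow with constructed sample rows standing in for the DB result set."""
    sns = FakeSnsClient()
    result = function_2_handler({"criteria": {"status": "pending"}},
                                FakeLambdaClient(list(rows), error), sns)
    return result, sns.published
```

Because Function 2 is the only one with a network path to SNS, the IAM role of Function 1 only needs database access and the role of Function 2 only needs lambda:InvokeFunction on Function 1 plus sns:Publish on the topic.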
I finally managed to get it working...
The trick is that you MUST have 2 subnets.
A public one, with a routing table that sends traffic to the Internet Gateway of your VPC. Put the NAT in there.
And a private one, with a routing table that sends traffic to the NAT. Put the Lambdas in there. (BTW, making a public subnet means setting the Auto-assign Public IP option to Yes.)
It is outlined in this overview diagram from the AWS docs:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html#Configuration-2
You will need a NAT server running in your VPC to route traffic outside of the VPC. AWS now offers a managed NAT service that makes this easier.