QuinnyPig/tailscale-layer

How do packets get out of the VPC?

kmkale opened this issue · 2 comments

Hey Corey,
First of all, thanks for publishing this. I could not find an explanation for
"without having to use a NAT instance or Managed NAT Gateway to allow those functions to also speak to external resources."
And I could not find a comment link in your blog, so I'm asking here.
Without a NAT, how do packets get out of the VPC for connections initiated from the Lambda?

The "magic" happens in the extension here; additional details on the options in that command are here.

tl;dr: SOCKS5

Apologies; I was unclear. Lambdas can either run in the "public" area, or (effectively) in a private subnet of yours. This extension lets you run the Lambdas in the usual public location, but traverse the Tailscale network to expose guarded resources in various locations, including public-but-locked-down subnets within AWS.

tl;dr: If you have private subnets / resources in those private subnets that Lambda needs to talk to, you're still faced with a sad NAT choice.
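To make the SOCKS5 path described above concrete, here is an added example (not code from tailscale-layer or from anyone in this thread) of the client side of that handshake as a Lambda handler would perform it: the tailnet hostname is handed to the extension's local SOCKS5 proxy unresolved, so name resolution and routing happen inside the Tailscale userspace network rather than in the Lambda's sandbox, whose own resolver knows nothing about tailnet names. The proxy address and the hostname are assumed/constructed values.

```python
import socket
import struct

# Where the Tailscale extension's SOCKS5 proxy listens inside the Lambda
# sandbox. ASSUMED value; take the real listener from the layer's configuration.
SOCKS5_PROXY = ("127.0.0.1", 1055)


def socks5_greeting() -> bytes:
    # VER=5, one offered method, 0x00 = no authentication. Acceptable only
    # because the listener is loopback-local to the sandbox.
    return b"\x05\x01\x00"


def socks5_connect_request(host: str, port: int) -> bytes:
    # CONNECT with ATYP=0x03 (domain name): the name is sent unresolved so the
    # proxy, which sits inside the tailnet, resolves it (MagicDNS works there,
    # the Lambda's own resolver does not know these names).
    name = host.encode("idna")
    if not 1 <= len(name) <= 255:
        raise ValueError("SOCKS5 domain names must be 1..255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)


def parse_socks5_reply(data: bytes) -> int:
    # Return the REP field of a reply (0 = succeeded; RFC 1928 lists the
    # failure codes, e.g. 0x05 = connection refused by the far end).
    if len(data) < 4 or data[0] != 0x05:
        raise ValueError("not a SOCKS5 reply")
    return data[1]


def open_via_tailscale(host: str, port: int, proxy=SOCKS5_PROXY) -> socket.socket:
    # Open a TCP stream to host:port through the extension's SOCKS5 proxy. On
    # success the socket carries the application protocol (HTTP, PostgreSQL, ...)
    # exactly as a direct connection from a VPC-attached Lambda would.
    sock = socket.create_connection(proxy, timeout=5)
    rf = sock.makefile("rb")            # read(n) blocks until n bytes or EOF
    sock.sendall(socks5_greeting())
    if rf.read(2) != b"\x05\x00":
        sock.close()
        raise ConnectionError("proxy did not accept the no-auth method")
    sock.sendall(socks5_connect_request(host, port))
    head = rf.read(4)                   # VER REP RSV ATYP
    if head[3] == 0x01:   bound = rf.read(4 + 2)               # IPv4 + port
    elif head[3] == 0x04: bound = rf.read(16 + 2)              # IPv6 + port
    else:                 bound = rf.read(rf.read(1)[0] + 2)   # domain + port
    rep = parse_socks5_reply(head + bound)
    if rep != 0:
        sock.close()
        raise ConnectionError(f"SOCKS5 CONNECT to {host}:{port} failed, REP={rep:#x}")
    return sock
```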