I have an infrastructure consisting of the following services in a VPC (except S3 and Transcoder obviously):
The scenario is the following:
The problem is that since RDS is not publicly accessible, the lambda needs to be in the same VPC as the RDS in order to connect to it. This also results in the lambda function losing general Internet access, which means that it cannot reach Elastic Transcoder (since it's outside the VPC from the VPC's point of view). Now, I had a similar problem with S3, but it was fairly easy to solve by adding an endpoint to the VPC which points to S3; however, there's no such option for Elastic Transcoder (or any other service, as a matter of fact).
I don't want to create a NAT gateway as it's pretty expensive for such a nonsense thing.
So the simple question is: how can I arrange for the Lambda to communicate with RDS and Elastic Transcoder at the same time?
P.S.: The lambda role contains a policy that grants access to Elastic Transcoder's *Job actions.
One option which worked for me was splitting my function into 2:
The 1st function is outside the VPC, has access to the public internet and therefore to Elastic Transcoder and S3 (in your case).
The 2nd function is attached to the VPC and does only what's needed to fetch data from the VPC resources.
So the point is that the 1st function invokes the 2nd function using aws-sdk to get something from the VPC without creating a NAT gateway!
P.S. Creating a lot of functions inside a VPC can cause unexpected performance surprises. Here is a bit more about Lambda + VPC
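The two-function split described in the answer above, written out as an added Python example (not code from the question or the answer). Function 2 (`vpc_handler`) is the one attached to the VPC and is the only code that touches RDS; Function 1 (`public_handler`) stays outside the VPC, so it can call Elastic Transcoder directly and reaches the database by invoking Function 2 with `lambda:InvokeFunction`. The function name, pipeline and preset ids, the `action`/`job_id` payload shape, the media table, and the two fake clients are assumptions constructed so the example runs offline; the real handlers would use `boto3` (the `invoke`/`create_job` calls and their response shapes are boto3's) and a database driver such as `pymysql`.

```python
"""Two-Lambda split: a public function reaches Elastic Transcoder, a VPC function reaches RDS.

Hypothetical example. Only the S3 keys cross the VPC boundary: no credentials, no raw rows.
"""
import io
import json

VPC_FUNCTION_NAME = "media-vpc-lookup"   # hypothetical name of Function 2 (the VPC one)
PIPELINE_ID = "1111111111111-abcde1"      # hypothetical Elastic Transcoder pipeline id
PRESET_ID = "1351620000001-000010"        # hypothetical preset id


# ---- Function 2: inside the VPC, the only thing that talks to RDS -----------------------
def vpc_handler(event, context=None, db_lookup=None):
    """Narrow, allow-listed interface over the database.

    `db_lookup(job_id)` stands in for the real RDS query (pymysql/psycopg2 in practice).
    Anything outside the allow-list is rejected before the database is touched; a raised
    exception reaches the caller as FunctionError, exactly like an unhandled Lambda error.
    """
    action = event.get("action")
    job_id = event.get("job_id")
    if action != "get_media_keys" or not isinstance(job_id, str) or not job_id.isalnum():
        raise ValueError("bad request")
    row = db_lookup(job_id)
    if row is None:
        return {"ok": False, "error": "not_found"}
    return {"ok": True, "input_key": row["input_key"], "output_key": row["output_key"]}


# ---- Function 1: outside the VPC, talks to Lambda and Elastic Transcoder ----------------
def fetch_from_vpc(lambda_client, function_name, payload):
    """Synchronously invoke Function 2 and unwrap its JSON result, raising on FunctionError."""
    resp = lambda_client.invoke(
        FunctionName=function_name,
        InvocationType="RequestResponse",
        Payload=json.dumps(payload).encode(),
    )
    body = json.loads(resp["Payload"].read())
    if resp.get("FunctionError"):  # "Handled" or "Unhandled": body is Lambda's error record
        raise RuntimeError(f"{function_name} failed: {body.get('errorMessage')}")
    return body


def public_handler(event, context=None, lambda_client=None, transcoder_client=None):
    """Entry point of Function 1. Clients are injectable so the demo below runs offline."""
    lambda_client = lambda_client or _boto3_client("lambda")
    transcoder_client = transcoder_client or _boto3_client("elastictranscoder")
    keys = fetch_from_vpc(lambda_client, VPC_FUNCTION_NAME,
                          {"action": "get_media_keys", "job_id": event["job_id"]})
    if not keys["ok"]:
        return {"statusCode": 404, "error": keys["error"]}
    job = transcoder_client.create_job(
        PipelineId=PIPELINE_ID,
        Input={"Key": keys["input_key"]},
        Outputs=[{"Key": keys["output_key"], "PresetId": PRESET_ID}],
    )
    return {"statusCode": 202, "transcoder_job_id": job["Job"]["Id"]}


def _boto3_client(service):
    import boto3  # imported lazily so the offline demo needs no AWS SDK installed
    return boto3.client(service)


# ---- Constructed, offline stand-ins for RDS and the two AWS clients ---------------------
MEDIA_TABLE = {"job42": {"input_key": "uploads/job42.mov", "output_key": "out/job42.mp4"}}


class FakeLambdaClient:
    """Runs vpc_handler in-process and mimics the shape of boto3's invoke() response."""
    def invoke(self, FunctionName, InvocationType, Payload):
        assert FunctionName == VPC_FUNCTION_NAME and InvocationType == "RequestResponse"
        try:
            body, err = vpc_handler(json.loads(Payload), db_lookup=MEDIA_TABLE.get), None
        except Exception as exc:
            body, err = {"errorMessage": str(exc), "errorType": type(exc).__name__}, "Unhandled"
        resp = {"StatusCode": 200, "Payload": io.BytesIO(json.dumps(body).encode())}
        if err:
            resp["FunctionError"] = err
        return resp


class FakeTranscoderClient:
    """Returns a create_job() response in boto3's shape without calling AWS."""
    def create_job(self, PipelineId, Input, Outputs):
        return {"Job": {"Id": "job-" + Input["Key"].rsplit("/", 1)[-1], "Status": "Submitted"}}


def demo(job_id):
    """Run Function 1 end to end against the constructed fakes."""
    return public_handler({"job_id": job_id}, lambda_client=FakeLambdaClient(),
                          transcoder_client=FakeTranscoderClient())


if __name__ == "__main__":
    print(demo("job42"))
```

Two things follow from this layout. First, the IAM split is what makes it worth doing: Function 1's role needs `lambda:InvokeFunction` scoped to Function 2's ARN plus the `elastictranscoder:*Job` permissions, while Function 2's role needs only the ENI permissions of the VPC execution role and a security-group path to RDS, and has no route to the Internet at all. Second, Function 2 is a privileged proxy into the database for whoever can invoke it, so keep its interface to a small allow-list of actions, validate every field before it reaches a query, and return only the data the caller needs rather than raw rows or connection details.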