Tags: amazon-web-services, ssl, aws-lambda, aws-application-load-balancer

AWS ALB Forward to Lambda with TLS


I currently have an application load balancer configured with TLS that acts as a traffic forwarder to a Lambda function. Typically the ALB performs SSL/TLS termination prior to forwarding traffic to the target group clients; however, is there a way to persist the port 443 traffic to the Lambda?

They are both within a VPC and have the security groups configured to allow the decrypted port 80 traffic flow between the two, but I can't find any documentation about whether the same is possible for port 443 traffic or if that's just a hard limitation of the ALB->Lambda relationship.


Solution

  • The ALB does not call the Lambda function over port 80. A Lambda function isn't something that is running and listening on a specific port at all. When an ALB gets a request that it needs to forward to a Lambda function, it is doing something like converting the request into a payload object and then calling the AWS API Lambda Invoke endpoint, passing that payload object in the request. The AWS Lambda service then spins up an instance of your Lambda function and passes it that payload in the event object. Per your concern, the ALB will be calling the AWS API over HTTPS.

    Note that since a Lambda function doesn't ever listen on a port, opening inbound ports in the Lambda's security group accomplishes nothing. Also, note that since the ALB doesn't ever connect directly to your Lambda function, the function doesn't need to be running in the VPC in order for the ALB to call it.
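As an added illustration (not part of the answer above), here is a minimal Lambda handler that consumes the event object the ALB builds from the client request and returns a response in the shape the ALB expects. Because the function never sees the TLS connection itself, the only evidence it has that the client arrived over HTTPS is the X-Forwarded-Proto header the ALB adds to the forwarded request; the sample event and the target group ARN in it are constructed.

```python
import json
from http import HTTPStatus
from typing import Any, Dict

# Constructed sample of the event object the ALB builds from an HTTPS request
# and hands to Lambda Invoke (not captured from a real deployment).
SAMPLE_ALB_EVENT: Dict[str, Any] = {
    "requestContext": {"elb": {"targetGroupArn": "arn:aws:elasticloadbalancing:"
                               "us-east-1:123456789012:targetgroup/example-tg/0123456789abcdef"}},
    "httpMethod": "GET",
    "path": "/health",
    "queryStringParameters": {},
    "headers": {
        "host": "example.com",
        "x-forwarded-for": "203.0.113.10",
        "x-forwarded-port": "443",
        "x-forwarded-proto": "https",
    },
    "body": "",
    "isBase64Encoded": False,
}


def client_used_tls(event: Dict[str, Any]) -> bool:
    """True only if the ALB reports that the client hit an HTTPS listener.

    The ALB terminates TLS, so the function cannot inspect the connection;
    X-Forwarded-Proto is the ALB's statement of the scheme the client used.
    """
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    return headers.get("x-forwarded-proto", "").lower() == "https"


def alb_response(status: int, body: Dict[str, Any]) -> Dict[str, Any]:
    """Build the response document the ALB requires from a Lambda target."""
    return {
        "statusCode": status,
        "statusDescription": f"{status} {HTTPStatus(status).phrase}",
        "isBase64Encoded": False,
        "headers": {"Content-Type": "application/json",
                    "Strict-Transport-Security": "max-age=31536000"},
        "body": json.dumps(body),
    }


def lambda_handler(event: Dict[str, Any], context: Any = None) -> Dict[str, Any]:
    """Reject requests the ALB received on a plain HTTP listener, else echo basics."""
    if not client_used_tls(event):
        return alb_response(403, {"error": "https required"})
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    return alb_response(200, {"path": event.get("path"), "method": event.get("httpMethod"),
                              "client_ip": headers.get("x-forwarded-for")})
```

Since the ALB reaches the function through the Lambda Invoke API rather than a network port, what actually gates who may invoke it is the function's resource-based policy (for example `aws lambda add-permission` with the principal `elasticloadbalancing.amazonaws.com` and the target group ARN as `--source-arn`), not a security group rule.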