From reading the AWS documentation, I understand that AWS Lambda can send traffic outside the network via a NAT gateway, which I have.
However, I have an SQS that has messages my lambda is ingesting based on events.
I also have a Lambda inside a VPC with a static IP.
I'm wondering, when implementing my security group, what ports and/or protocols I need to allow for my Lambda to receive inbound messages from SQS. Or do I need to use a VPC Endpoint for this?
NOTE: My SQS service is receiving messages from a service outside AWS, so if I need to use a VPC Endpoint I still need this functionality to work. Security policy also does not allow 0.0.0.0 traffic on the security group.
However, I'm not certain if I need to allow anything in my security group in order to receive traffic from SQS. Or if it will be allowed by default?
if I need to allow anything in my security group in order to receive traffic from SQS
No, you do not have to do anything in terms of SGs. If your Lambda IAM execution role allows reading from the SQS, it should all work, whether you are using a VPC or not.
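As an added check (not code from the question or the answer), a small Python lint that encodes the two points above: the execution role must grant the SQS actions the Lambda poller uses, and the function's security group needs no inbound rule and no 0.0.0.0/0 egress. The queue ARN, policy document and egress rule dicts are constructed for the example.

```python
import json

# Minimum SQS actions the Lambda poller needs from the execution role
# (this is the AWS-documented requirement for an SQS event source mapping).
REQUIRED_SQS_ACTIONS = {"sqs:ReceiveMessage", "sqs:DeleteMessage",
                        "sqs:GetQueueAttributes"}

def missing_sqs_actions(policy_json: str, queue_arn: str) -> set:
    """Return the required actions no Allow statement grants on queue_arn."""
    granted = set()
    for s in json.loads(policy_json)["Statement"]:
        if s.get("Effect") != "Allow":
            continue
        actions = s.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = s.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        if not any(r in ("*", queue_arn) for r in resources):
            continue
        for a in actions:
            granted |= REQUIRED_SQS_ACTIONS if a in ("*", "sqs:*") else {a}
    return REQUIRED_SQS_ACTIONS - granted

def egress_findings(rules: list) -> list:
    """Flag egress rules that are world-open or wider than HTTPS to the
    SQS interface endpoint. Inbound rules are irrelevant: the Lambda
    service polls SQS on the function's behalf, so nothing connects in."""
    findings = []
    for r in rules:
        dest = r.get("cidr") or r.get("sg")
        if r.get("cidr") in ("0.0.0.0/0", "::/0"):
            findings.append(f"world-open egress to {dest}")
        if (r["protocol"], r["from_port"], r["to_port"]) != ("tcp", 443, 443):
            findings.append(f"egress wider than tcp/443 to {dest}")
    return findings

# Constructed sample inputs (not from the question or AWS).
QUEUE_ARN = "arn:aws:sqs:us-east-1:111122223333:ingest-queue"
POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["sqs:ReceiveMessage", "sqs:GetQueueAttributes"],
     "Resource": QUEUE_ARN}]})
WEAK_EGRESS = [{"protocol": "-1", "from_port": 0, "to_port": 0, "cidr": "0.0.0.0/0"}]
# Only HTTPS, only to the security group attached to the SQS interface endpoint.
TIGHT_EGRESS = [{"protocol": "tcp", "from_port": 443, "to_port": 443,
                 "sg": "sg-0123456789abcdef0"}]

if __name__ == "__main__":
    print(missing_sqs_actions(POLICY, QUEUE_ARN))   # {'sqs:DeleteMessage'}
    print(egress_findings(WEAK_EGRESS), egress_findings(TIGHT_EGRESS))
```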