I am connecting different AWS sources (RDS, ElastiCache, EFS) in my Lambda function. My AWS resources are configured in public subnets, including my Lambda function. My Lambda also needs to access the internet, but when we configure the Lambda function in a public subnet it typically can't get access to the internet.
Now I am thinking of shifting my Lambda function to a private subnet so it can access the internet using a NAT gateway. My only concern is: would our Lambda function (in the private subnet) be able to access other AWS resources (RDS, ElastiCache, EFS) that are in the public subnet?
Or is there any other good approach that suits my scenario? One more thing: I can't move my RDS, ElastiCache, and EFS to a private subnet.
would our Lambda function (in the private subnet) be able to access other AWS resources (RDS, ElastiCache, EFS) that are in the public subnet?
Yes, if they are in the same VPC. So that's how it is usually done. Lambda in a private VPC is able to connect to the internet through NAT. Since the other resources are in the same VPC (or peered), Lambda will use private IP addresses to connect to them.
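As an added check (not part of the question or the answer above), the script below classifies subnets from route-table data shaped like the output of `aws ec2 describe-route-tables` and confirms the layout the answer describes: the Lambda subnet's default route goes through a NAT gateway, and the RDS/ElastiCache/EFS subnets sit in the same VPC as the Lambda. All VPC, subnet and gateway IDs are constructed sample data.

```python
# Added example (not from the question or answer): classify subnets from
# describe-route-tables style data and check that the Lambda subnet egresses
# through NAT while the resource subnets share its VPC. All IDs are constructed.
SAMPLE_ROUTE_TABLES = [
    {"VpcId": "vpc-0aaa", "Associations": [{"SubnetId": "subnet-pub1"}, {"SubnetId": "subnet-pub2"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0111"}]},
    {"VpcId": "vpc-0aaa", "Associations": [{"SubnetId": "subnet-priv1"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0222"}]},
    {"VpcId": "vpc-0aaa", "Associations": [{"SubnetId": "subnet-iso1"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"VpcId": "vpc-0bbb", "Associations": [{"SubnetId": "subnet-other"}],
     "Routes": [{"DestinationCidrBlock": "172.16.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0333"}]},
]

def classify_subnets(route_tables):
    """Map subnet id -> (vpc id, egress) with egress 'igw' (public),
    'nat' (private with internet) or 'none' (isolated)."""
    result = {}
    for rt in route_tables:
        egress = "none"
        for route in rt["Routes"]:
            if route.get("DestinationCidrBlock") != "0.0.0.0/0":
                continue
            if route.get("GatewayId", "").startswith("igw-"):
                egress = "igw"
            elif route.get("NatGatewayId", "").startswith("nat-"):
                egress = "nat"
        for assoc in rt["Associations"]:
            if "SubnetId" in assoc:  # main-table associations carry no SubnetId
                result[assoc["SubnetId"]] = (rt["VpcId"], egress)
    return result

def check_lambda_placement(route_tables, lambda_subnet, resource_subnets):
    """Return problems found; an empty list means the layout from the answer
    holds: NAT egress for Lambda, and every resource subnet in the same VPC."""
    subnets = classify_subnets(route_tables)
    if lambda_subnet not in subnets:
        return [f"{lambda_subnet}: no explicit route table association"]
    vpc, egress = subnets[lambda_subnet]
    problems = []
    if egress != "nat":
        problems.append(f"{lambda_subnet}: default route is '{egress}'; Lambda ENIs get no public IP, so only a NAT gateway gives internet access")
    for s in resource_subnets:
        other_vpc = subnets.get(s, (None, None))[0]
        if other_vpc != vpc:
            problems.append(f"{s}: in VPC {other_vpc}, not {vpc}; needs peering")
    return problems
```

Feed it the real `RouteTables` list from `describe-route-tables` to validate an actual account; a subnet that inherits the VPC's main route table shows up as "no explicit route table association" and should be checked by hand.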