I am working on a Lambda function in Node.js. This function needs to connect to CodeCommit, check out a file from a specific branch in a specific repo, read some values and connect to a DocumentDB cluster.
// AWS SDK v3 aggregated client: getFile() returns a promise, so it can be awaited directly
const { CodeCommit } = require("@aws-sdk/client-codecommit");
const codeCommit = new CodeCommit({ region: "myRegion" });
const config = {
  filePath: "myFile",
  repositoryName: "myRepo",
  commitSpecifier: "myBranch"
};
// await is only valid inside an async function, so the call lives in the handler
exports.handler = async () => {
  const file = await codeCommit.getFile(config);
  // fileContent is a Uint8Array of the file at that branch
  return Buffer.from(file.fileContent).toString("utf8");
};
If I don't specify any subnet for this function, I am able to connect to CodeCommit and get my file, but I am not able to connect to DocumentDB; for this I was told my function needs to be in a private subnet.
The problem is that, when I set a subnet in "Configuration" -> "VPC" (public or private), I am able to connect to DocumentDB (I would expect from the private one only) but not to CodeCommit. For this I need to leave "Configuration" -> "VPC" empty.
The VPC I selected for the Lambda function is the same as DocumentDB's. I can connect to DocumentDB from EC2 as expected (same VPC).
Any idea on how to make this function connect to both CodeCommit and DocumentDB?
Lambda functions must be deployed in private subnets, with connectivity to AWS public services (i.e. CodeCommit) granted by a NAT Gateway or Interface / Gateway VPC Endpoints.
So, you should:
Source: How do I give internet access to a Lambda function that's connected to an Amazon VPC?
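The setup the answer describes, written out as a CloudFormation template. This is an added example, not code from the question or the answer: it puts the function in private subnets, reaches the CodeCommit API through an interface VPC endpoint instead of a NAT Gateway, and opens only the two ports the function actually needs (443 to the endpoint, 27017 to the DocumentDB cluster). The VPC, subnet and DocumentDB security group IDs are parameters, the deployment bucket and key are placeholders, and the repository name myRepo is taken from the question. Only the codecommit API endpoint is needed for getFile; the separate git-codecommit endpoint is for git clone/push and is not included here.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Lambda in private subnets reaching CodeCommit (VPC endpoint) and DocumentDB

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id            # the VPC that also hosts the DocumentDB cluster
  PrivateSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>   # private subnets only (no route to an internet gateway)
  DocDbSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id  # security group already attached to the DocumentDB cluster

Resources:
  # Security group for the function; no ingress is needed, it only makes outbound calls.
  LambdaSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Lambda egress to the CodeCommit endpoint and DocumentDB
      VpcId: !Ref VpcId

  # Security group on the endpoint ENIs: HTTPS, and only from the function's security group.
  EndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from the Lambda security group only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref LambdaSecurityGroup

  # Let the function reach the cluster on the DocumentDB port, again scoped to its security group.
  DocDbIngressFromLambda:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref DocDbSecurityGroupId
      IpProtocol: tcp
      FromPort: 27017
      ToPort: 27017
      SourceSecurityGroupId: !Ref LambdaSecurityGroup

  # Interface endpoint for the CodeCommit API. PrivateDnsEnabled makes the SDK's default
  # regional hostname resolve to the endpoint's private IPs, so the handler code is unchanged.
  # The endpoint policy limits what can be done through it to reading files from one repo.
  CodeCommitEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      ServiceName: !Sub com.amazonaws.${AWS::Region}.codecommit
      VpcEndpointType: Interface
      PrivateDnsEnabled: true
      SubnetIds: !Ref PrivateSubnetIds
      SecurityGroupIds:
        - !Ref EndpointSecurityGroup
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: "*"
            Action: codecommit:GetFile
            Resource: !Sub arn:aws:codecommit:${AWS::Region}:${AWS::AccountId}:myRepo

  LambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: lambda.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        # grants the ENI create/describe/delete permissions a VPC-attached function needs
        - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
      Policies:
        - PolicyName: ReadOneRepoFile
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: codecommit:GetFile
                Resource: !Sub arn:aws:codecommit:${AWS::Region}:${AWS::AccountId}:myRepo

  ReadConfigFunction:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: nodejs18.x
      Handler: index.handler
      Role: !GetAtt LambdaRole.Arn
      Code:
        S3Bucket: my-deploy-bucket   # placeholder
        S3Key: function.zip          # placeholder
      VpcConfig:
        SubnetIds: !Ref PrivateSubnetIds
        SecurityGroupIds:
          - !Ref LambdaSecurityGroup
```

With this in place the function keeps its VPC configuration (so DocumentDB stays reachable) and the CodeCommit call no longer depends on a public route, which is why the question's "VPC empty" workaround becomes unnecessary. A quick check from an EC2 instance in one of the private subnets: resolving codecommit.<region>.amazonaws.com should return addresses inside the VPC's CIDR once PrivateDnsEnabled takes effect; if it still returns public IPs, the endpoint is not being used and the call will time out in a subnet without a NAT Gateway.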