What are the default AWS lambda VPC settings?


From the AWS lambda documentation:

AWS Lambda runs your function code securely within a VPC by default.

What are the “default” lambda VPC settings for CIDR blocks, ingress rules, and egress rules?


If a VPC is not specified for a Lambda function, it runs in an Amazon-controlled VPC over which you have no control or visibility. The Lambda function is able to connect to the Internet, but you cannot put any other resources in that ‘mysterious’ VPC.

So, to answer your question:

  • CIDR Blocks: Unknown and doesn’t matter.
  • Ingress Rules: None, since external resources can never ‘call’ a Lambda function
  • Egress Rules: All. It doesn’t block outbound access. However it is stateful, so responses would be allowed back in.

If you wish to have more control over the VPC in which Lambda runs, you can create your own VPC (in the normal VPC console) and configure the Lambda function to run in that VPC.

Please note that, in this situation, the Lambda function receives a private IP address and does not have direct access to the Internet. If you wish the function to access the Internet, you will need to treat it like a resource in a private subnet and use a NAT Gateway to provide Internet access.

Leave a Reply