I'm working on a side project in AWS and have come across a challenge. My Lambda function that processes data in a private VPC needs to access AWS SSM and KMS APIs to retrieve the database password stored in the SSM Parameter Store. The recommended method for this is to create VPC private endpoints, but the cost ($14/month for two endpoints) is too much for my budget. I've thought about using a public Lambda to invoke the private one, but that seems like it could lead to scalability issues down the line. Is there a cost-effective way to allow my Lambda function to access SSM without the hourly endpoint charges?
1 Answer
Have you looked into the new IPv6 egress support for Lambda? If you set up an egress-only internet gateway, that part is free. It could be a simple solution without the need for expensive endpoints.
Really? That sounds almost too easy. I’ll definitely check out the documentation to make sure it’s legit!
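The setup suggested in the answer, sketched as a CloudFormation template; this is an added example, not from the original thread. It shows the egress-only internet gateway, the IPv6 default route, an HTTPS-only egress rule, and the Lambda dual-stack setting. Parameter and logical names are hypothetical, and it assumes the VPC and subnets already have IPv6 CIDRs and that SSM and KMS offer dual-stack endpoints in your Region (check the service endpoint documentation).

```yaml
# Added example (constructed). All parameter and logical names are hypothetical.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}               # VPC with an IPv6 CIDR already associated
  PrivateRouteTableId: {Type: String}              # route table used by the Lambda subnets
  SubnetIds: {Type: "List<AWS::EC2::Subnet::Id>"}  # private subnets with IPv6 CIDRs assigned
  FunctionRoleArn: {Type: String}                  # role allowing ssm:GetParameter and kms:Decrypt
  CodeBucket: {Type: String}
  CodeKey: {Type: String}
Resources:
  # Outbound-only IPv6 gateway: connections initiated from the internet are dropped.
  EgressOnlyGateway:
    Type: AWS::EC2::EgressOnlyInternetGateway
    Properties:
      VpcId: !Ref VpcId
  # Send all IPv6 traffic from the private subnets through the egress-only gateway.
  Ipv6DefaultRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTableId
      DestinationIpv6CidrBlock: "::/0"
      EgressOnlyInternetGatewayId: !Ref EgressOnlyGateway
  # Explicit egress rule replaces the default allow-all: HTTPS over IPv6 only.
  FunctionSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Lambda egress to AWS APIs over IPv6 HTTPS only
      VpcId: !Ref VpcId
      SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIpv6: "::/0"
  DataFunction:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: python3.12
      Handler: app.handler
      Role: !Ref FunctionRoleArn
      Code:
        S3Bucket: !Ref CodeBucket
        S3Key: !Ref CodeKey
      VpcConfig:
        SubnetIds: !Ref SubnetIds
        SecurityGroupIds:
          - !GetAtt FunctionSecurityGroup.GroupId
        Ipv6AllowedForDualStack: true     # lets the function's network interfaces use IPv6
      Environment:
        Variables:
          AWS_USE_DUALSTACK_ENDPOINT: "true"   # SDK resolves dual-stack service endpoints
```

Unlike interface endpoints, this gives the function general outbound IPv6 reachability on port 443, so the IAM role scope and the security group are the controls that limit what it can reach and read. The function still has no IPv4 path out, so any dependency that resolves only to IPv4 addresses will time out.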