How to allow invoking an AWS Lambda function only from EC2 instances inside a VPC

Question

I am struggling with understanding how I can easily invoke my lambda function from an EC2 instance within a VPC.

I think I have a quite common problem but strangely enough I didn't found anything specific for this "pattern".

I have a Python application in an EC2 instance and I would like to launch heavy processing functions in parallel using Lambda functions and keep the EC2 quite light-weight.

Ideally, the Lambda function could be invoked only from within the VPC (only from my EC2 instances).

My understanding is that I have to create an API gateway (or add an API endpoint to the Lambda function) but I don't understand how to invoke this function from the EC2 (I am trying to use HTTP requests without success) nor how to set permissions.

I used a trigger in the function to set-up the API gateway and I am using the corresponding link for requests.

Answer 1

There are various ways, other than API Gateway, to invoke Lambda functions. The one most relevant to your use case would be the Invoke API. You can find the official documentation here and the Boto library's, in case you are using Boto, here.

Also, as mentioned in a comment on the question, you can assign an IAM role to the EC2 instances that allows them to Invoke the Lambda function.