I have some EC2 servers running in a private subnet of my VPC.
I had to do some operational tasks on these EC2 instances, for example add a particular tag to these EC2 servers, or attach an IAM instance profile to the servers.
For this I wrote a Lambda to do this task and ran it. It was successful.
I am just curious how my Lambda (which is not in my VPC) is able to view resources inside the private subnet of my VPC and do the task.
I read in the docs that to connect to resources in our private subnet we need to connect the Lambda to our VPC. But in this case I am able to do operations on my private EC2 with the Lambda without connecting it to my VPC.
I am confused.
> Solution:
Things like updating tags and attaching IAM profiles are done through the AWS API. The AWS API isn’t in your VPC network, it’s on the public Internet. The Lambda function is able to do these things the same way you are able to do those things on your personal laptop without needing a VPN connection to your VPC.
The things that require a Lambda function to run in a VPC are things that require a direct network connection to be established with the servers running in the VPC, for example SSH connections to EC2 servers or database connections to RDS servers.
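As an added example (not code from the question or the answer), this is what such a Lambda looks like when it does the two tasks from the question purely through the EC2 control-plane API, together with an execution-role policy scoped to exactly those calls; the instance profile ARN, tags, account id and the `FakeEC2` stub are constructed placeholders, and `lambda_handler` assumes boto3 as in the real Lambda runtime.

```python
"""Tag private-subnet EC2 instances and attach an instance profile from Lambda.
Every call goes to the EC2 control-plane API, so no VPC attachment is needed."""

# Constructed placeholder values, not taken from the question.
INSTANCE_PROFILE_ARN = "arn:aws:iam::123456789012:instance-profile/app-profile"
TAGS = {"Owner": "platform-team", "Backup": "daily"}

def least_privilege_policy(region, account, profile_role_arn):
    """Execution-role policy for exactly this task. AssociateIamInstanceProfile also
    needs iam:PassRole on the profile's role; scope it to that one role only."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"},
            {"Effect": "Allow",
             "Action": ["ec2:CreateTags", "ec2:AssociateIamInstanceProfile"],
             "Resource": f"arn:aws:ec2:{region}:{account}:instance/*"},
            {"Effect": "Allow", "Action": "iam:PassRole", "Resource": profile_role_arn,
             "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}},
        ],
    }

def tag_and_attach(ec2, instance_ids):
    """Apply TAGS and INSTANCE_PROFILE_ARN; returns {instance_id: association state}.
    `ec2` is anything with the boto3 EC2 client's method names (real client or FakeEC2)."""
    ec2.create_tags(Resources=instance_ids,
                    Tags=[{"Key": k, "Value": v} for k, v in TAGS.items()])
    states = {}
    for iid in instance_ids:
        resp = ec2.associate_iam_instance_profile(
            IamInstanceProfile={"Arn": INSTANCE_PROFILE_ARN}, InstanceId=iid)
        states[iid] = resp["IamInstanceProfileAssociation"]["State"]
    return states

class FakeEC2:
    """Constructed stand-in for boto3.client("ec2") that only records the API calls."""
    def __init__(self):
        self.calls = []
    def create_tags(self, **kw):
        self.calls.append(("CreateTags", kw))
    def associate_iam_instance_profile(self, **kw):
        self.calls.append(("AssociateIamInstanceProfile", kw))
        return {"IamInstanceProfileAssociation": {"InstanceId": kw["InstanceId"], "State": "associating"}}

def lambda_handler(event, context):
    import boto3  # present in the Lambda runtime; imported lazily so the module loads without it
    return tag_and_attach(boto3.client("ec2"), event["instance_ids"])
```

Run against `FakeEC2` the function completes with no network access at all, which is the point of the answer: the instances' private IPs never enter into it, only their IDs in API requests signed with the execution role's credentials.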