Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Add VPC endpoints as alternative to NAT gateway #283

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
devlinbd2 merged 2 commits into from
May 25, 2021
Merged

Add VPC endpoints as alternative to NAT gateway #283

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3cf6c95
Add VPC endpoints as alternative to NAT gateway
GoodMirek May 24, 2021
3cc2149
Add VPC endpoint for Secrets Manager if authentication is required
mirek-ppup May 25, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion 3 doc_source/services-msk-topic-add.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ This section describes how to add your Kafka cluster and topic as a function tri

To get Apache Kafka records from Amazon MSK brokers, Lambda must have access to the Amazon Virtual Private Cloud \(Amazon VPC\) resources associated with your MSK cluster\. To meet Amazon VPC access requirements, we recommend:
+ Configuring one NAT gateway per public subnet\. For more information, see [Internet and service access for VPC\-connected functions](configuration-vpc.md#vpc-internet)\.
+ Alternatively, instead of NAT gateway, deploy VPC Endpoints (PrivateLink) for Lambda and STS services\. If authentication is required, then deploy also VPC Endpoint for Secrets Manager\.

Your Amazon VPC security groups must be configured with the following rules \(at minimum\):
+ Inbound rules – Allow all traffic on all ports for the security group specified as your event source\.
Expand Down Expand Up @@ -56,4 +57,4 @@ The following example uses the [https://awscli.amazonaws.com/v2/documentation/ap

```
aws lambda get-event-source-mapping --uuid 6d9bce8e-836b-442c-8070-74e77903c815
```
```
Morty Proxy This is a proxified and sanitized view of the page, visit original site.