AWS Lambda to AWS Secrets Manager in Private Subnet

AWS Secrets Manager → AWS Lambda

Deploy a Lambda function in private subnets with access to AWS service endpoints via PrivateLink VPC interface endpoints.

This pattern allows to operate a Lambda function that doesn't have outbound public internet access but have access to Secrets Manager service endpoint.

This pattern deploys one private VPC, one private and isolated subnet, one security group, one Python Lambda function, one VPC Interface Endpoint for Amazon Secrets Manager and one example secret.

< Back to all patterns

Language:: TypeScript
Framework:: AWS CDK

Download this pattern (.zip)

View this pattern on GitHub

Clone repo

git clone https://github.com/aws-samples/serverless-patterns/cd serverless-patterns/lambda-vpc-interface-endpoints-secrets-manager

Deploy

cdk deploy

Testing

See README.md file in the GitHub repo for detailed testing instructions.

Cleanup

Delete the stack: cdk destroy.

Additional resources

VPC with public and private subnets (NAT)

AWS services that integrate with AWS PrivateLink

Use AWS PrivateLink to Access AWS Lambda Over Private AWS Network

Created by:

Emir Ayar

Emir Ayar is a Tech Lead Solutions Architect on the AWS Prototyping Team to help customers build IoT, Edge AI, and Industry 4.0 solutions and implement architectural best practices.