-2

We have an app consisting of AWS Lambda (and API Gateway) and the Lambda uses credentials stored in AWS Secrets Manager. Do we need a VPC in this scenario? Or is the communication between the Lambda and Secrets Manager secure since they are on AWS network (and presumably not exposed to the internet)?

AWS PrivateLink can be used to talk to Secrets Manager if the Lambda is in a VPC. But if the Lambda is not in a VPC already, then is this setup considered insecure?

Thanks!

Nick ODell
  • 15,465
  • 3
  • 32
  • 66
dipti259
  • 29
  • 4

1 Answers1

1

Yes, it's possible. No, it's not insecure. No, it doesn't need VPC (unless the Lambda function itself needs VPC because the Lambda function needs access to private resources e.g. a database server).

If the Lambda function is not configured to connect to your VPC then it will have outbound internet access and can reach the AWS Secrets Manager endpoints over the public internet. That communication is encrypted over TLS/HTTPS.

jarmod
  • 71,565
  • 16
  • 115
  • 122