So here is the current architecture:
- I have an RDS instance (my-db) that is not publicly accessible and that is in a private subnet of my VPC.
- I have set up an RDS Proxy (my-proxy) that is in the same VPC as the RDS instance and only accepts connections with an IAM role (my-role), not with credentials.
- Then I have a Lambda function (my-lambda) that assumes 'my-role' and connects to 'my-db' by asking 'my-proxy' for an authentication token and connecting through the proxy endpoint.
- The security group of 'my-db' only accepts traffic coming from the 'my-proxy' security group.
- The security group of 'my-proxy' only accepts traffic coming from the 'my-lambda' security group.
When I execute 'my-lambda' from the AWS Lambda console, everything works great: 'my-lambda' succeeds in connecting to 'my-db', I can execute requests, and I never have to use 'my-db' credentials anywhere in the code of the function, which is exactly what I need.
My big issue is that I don't want to develop and test the function in AWS Lambda, but rather in my IDE (PyCharm). I want to be able to modify and test my modifications locally, then push my code to my GitHub repo, which has a GitHub Action that automatically updates my code in AWS Lambda (this part is also working well).
Do you have any idea what I should do in order to test my function locally, even though it needs access to resources in a VPC?
I've tried modifying the security group of 'my-proxy' in order to allow all incoming traffic, but it seems that proxies are never publicly accessible.
I've tried setting up a SAM template in order to test my Lambda with the AWS SAM CLI, but I didn't manage to make it work, and the time it took to build my Lambda every time I made a small change was clearly a no-go.
I've also tried setting up a site-to-site VPN, but I don't understand a lot about networking and didn't manage to make anything work, apart from shutting down my internet connection when I launched the ipsec service.
I expect the function to run exactly the same as when I test it from AWS Lambda, without having to modify the code every time I want to update it remotely.
Thank you in advance for any help that you could bring.
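An added illustration (not part of the question above, and not AWS's or boto3's own code) of the token step the architecture relies on: the Lambda's "authentication token" for an IAM-authenticated RDS Proxy is a SigV4 presigned URL for the `rds-db` service with `Action=connect`, minus the `https://` scheme, which is what boto3's `rds.generate_db_auth_token()` computes. The block below reimplements that computation with the standard library so it can be inspected; the proxy endpoint, region, user and credentials are constructed placeholders. The point for local testing is that signing is a pure computation over the caller's (here, the assumed role's) credentials and needs no network access; only the TCP connection to the proxy endpoint needs VPC reachability.

```python
import datetime as dt
import hashlib
import hmac
from urllib.parse import parse_qsl, quote

SERVICE = "rds-db"
TOKEN_TTL_SECONDS = 900  # fixed lifetime RDS applies to IAM auth tokens


def utc_timestamp(year, month, day, hour=0, minute=0, second=0):
    """Aware UTC datetime helper, so callers can pin the signing time."""
    return dt.datetime(year, month, day, hour, minute, second, tzinfo=dt.timezone.utc)


def _hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def _signing_key(secret_key: str, datestamp: str, region: str) -> bytes:
    # Standard SigV4 key derivation: date -> region -> service -> terminal string.
    k_date = _hmac_sha256(("AWS4" + secret_key).encode("utf-8"), datestamp)
    k_region = _hmac_sha256(k_date, region)
    k_service = _hmac_sha256(k_region, SERVICE)
    return _hmac_sha256(k_service, "aws4_request")


def _uri_encode(value: str) -> str:
    # SigV4 canonical encoding: only RFC 3986 unreserved characters stay bare.
    return quote(value, safe="-_.~")


def generate_db_auth_token(host, port, db_user, region, access_key, secret_key,
                           session_token=None, now=None):
    """Return the string used as the DB password when connecting to host:port as db_user."""
    now = now or dt.datetime.now(dt.timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    datestamp = now.strftime("%Y%m%d")
    scope = f"{datestamp}/{region}/{SERVICE}/aws4_request"
    params = {
        "Action": "connect",
        "DBUser": db_user,
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(TOKEN_TTL_SECONDS),
        "X-Amz-SignedHeaders": "host",
    }
    if session_token:  # always present when the credentials come from an assumed role
        params["X-Amz-Security-Token"] = session_token
    canonical_query = "&".join(
        f"{_uri_encode(k)}={_uri_encode(v)}" for k, v in sorted(params.items()))
    host_header = f"{host}:{port}"
    canonical_request = "\n".join([
        "GET", "/", canonical_query,
        f"host:{host_header}\n",  # canonical headers block ends with a blank line
        "host", "UNSIGNED-PAYLOAD",
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    signature = hmac.new(_signing_key(secret_key, datestamp, region),
                         string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    # The token is the presigned URL without the "https://" scheme.
    return f"{host_header}/?{canonical_query}&X-Amz-Signature={signature}"


def parse_db_auth_token(token):
    """Split a token into (host:port, decoded query parameters) for inspection."""
    endpoint, _, query = token.partition("/?")
    return endpoint, dict(parse_qsl(query))


def token_seconds_remaining(token, now=None):
    """Seconds left in the token's X-Amz-Date + X-Amz-Expires window (<= 0 means expired)."""
    now = now or dt.datetime.now(dt.timezone.utc)
    _, fields = parse_db_auth_token(token)
    issued = dt.datetime.strptime(fields["X-Amz-Date"], "%Y%m%dT%H%M%SZ")
    issued = issued.replace(tzinfo=dt.timezone.utc)
    expiry = issued + dt.timedelta(seconds=int(fields["X-Amz-Expires"]))
    return int((expiry - now).total_seconds())


if __name__ == "__main__":
    # Constructed placeholders; a real function takes these from the assumed role's credentials.
    token = generate_db_auth_token(
        "my-proxy.proxy-example.eu-west-1.rds.amazonaws.com", 5432, "app_user",
        "eu-west-1", "AKIAEXAMPLEKEY", "example-secret",
        session_token="example-session-token")
    print(token)
    print("valid for", token_seconds_remaining(token), "seconds")
```

The token is then passed as the password to the normal database driver, with TLS required, against the proxy endpoint rather than the instance; the proxy forwards the connection to 'my-db' under its own credentials, which is why none appear in the function code. A token is only honoured for 15 minutes and only for the exact host, port and DB user it was signed for, so a token minted for the proxy endpoint cannot be replayed against the instance endpoint.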