My Lambda function can access Systems Manager parameters (ssm.getParameter) when NOT in a VPC. When I add the Lambda function to my VPC, I lose access to SSM. The function times out.
Clearly I am missing a security group setting or something, but I can't figure it out. What do I need to do to enable Lambda access to SSM when running it in my VPC?
Most likely this is because you're creating your Lambda function in a public subnet. A Lambda function does not get a public IP address, so it must use NAT (or a VPC endpoint) to access resources outside the VPC.
Also, as a side note, AWS now provides a VPC endpoint for SSM, so you don't even need to go through the internet via NAT any more.
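To check which of these cases applies to a given subnet, the following added example (not part of the original answer) classifies the path from a Lambda subnet to SSM using data shaped like the EC2 DescribeRouteTables and DescribeVpcEndpoints responses. The function names and all IDs are constructed for illustration, and it assumes the endpoint is only usable with private DNS enabled, since otherwise the SDK's default SSM hostname still resolves to public addresses.

```python
# Added example: inputs mirror the shape of EC2 DescribeRouteTables and
# DescribeVpcEndpoints responses; all IDs below are constructed sample data.

def route_table_for(subnet_id, vpc_id, route_tables):
    """Explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def ssm_path(subnet_id, vpc_id, route_tables, endpoints):
    """Classify how a Lambda ENI in subnet_id can reach SSM."""
    for ep in endpoints:
        if (ep["VpcId"] == vpc_id and ep["ServiceName"].endswith(".ssm")
                and ep["VpcEndpointType"] == "Interface"
                and ep["State"].lower() == "available"
                and ep.get("PrivateDnsEnabled")):
            return "vpc-endpoint"
    rt = route_table_for(subnet_id, vpc_id, route_tables)
    for route in (rt or {}).get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("NatGatewayId"):
            return "nat"
        if route.get("GatewayId", "").startswith("igw-"):
            # Public subnet: the Lambda ENI has no public IP, so calls time out.
            return "unreachable: default route is an internet gateway"
    return "unreachable: no default route"

ROUTE_TABLES = [
    {"VpcId": "vpc-0example", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"VpcId": "vpc-0example", "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
    {"VpcId": "vpc-0example", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
SSM_ENDPOINT = {"VpcId": "vpc-0example", "ServiceName": "com.amazonaws.us-east-1.ssm",
                "VpcEndpointType": "Interface", "State": "available",
                "PrivateDnsEnabled": True}

if __name__ == "__main__":
    for subnet in ("subnet-public", "subnet-private", "subnet-isolated"):
        print(subnet, "->", ssm_path(subnet, "vpc-0example", ROUTE_TABLES, []))
```

The check covers routing only: with an interface endpoint, the endpoint's security group must also allow inbound TCP 443 from the function's security group.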