I have a Lambda function on AWS that requires connectivity to my on-premises API server. Currently a request originating from Lambda is getting blocked at my company firewall. To open the firewall, I need to provide a source IP address.
My question is: since Lambda does not run inside my VPC, what would be the source IP address that I can use for incoming requests from Lambda?
Currently the source IP address will be the large pool of IP addresses that AWS uses for Lambda functions. Opening up that large pool of IPs would allow anybody else to write a Lambda function that could then get through your company firewall, so that isn't a secure option.
The only way to provide a static IP address for a Lambda function is to place it in a VPC private subnet with a route to a NAT Gateway, and have a static IP (AWS Elastic IP) assigned to the NAT Gateway. That Elastic IP address will be the public IP used by your Lambda function's outgoing requests. Your company firewall can then allow the Elastic IP address.
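The private subnet / NAT Gateway / Elastic IP layout from the answer above, written out as a Terraform example that is not part of the original answer. It assumes an existing VPC with a public subnet already routed to an Internet Gateway, and every ID, CIDR, role ARN and file name is a placeholder; the security group also restricts egress to HTTPS toward the on-premises API range so the function cannot reach anything else through the NAT Gateway.

```hcl
# Added example (not the original answer's code). Assumes an existing VPC whose
# public subnet already routes 0.0.0.0/0 to an Internet Gateway; all IDs, CIDRs,
# the role ARN and the zip name are placeholders to replace.
resource "aws_eip" "lambda_egress" {          # the one static IP to allow-list
  domain = "vpc"
}
resource "aws_nat_gateway" "lambda_egress" {  # must sit in the PUBLIC subnet
  allocation_id = aws_eip.lambda_egress.id
  subnet_id     = "subnet-PUBLIC-PLACEHOLDER"
}
# Private subnet for the function's ENIs: no public IPs, no IGW route.
resource "aws_subnet" "lambda_private" {
  vpc_id                  = "vpc-PLACEHOLDER"
  cidr_block              = "10.0.128.0/24"
  map_public_ip_on_launch = false
}
# Default route via the NAT Gateway, so outbound traffic carries the EIP.
resource "aws_route_table" "lambda_private" {
  vpc_id = "vpc-PLACEHOLDER"
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.lambda_egress.id
  }
}
resource "aws_route_table_association" "lambda_private" {
  subnet_id      = aws_subnet.lambda_private.id
  route_table_id = aws_route_table.lambda_private.id
}
# Least-privilege egress: only HTTPS to the on-premises API's address range.
resource "aws_security_group" "lambda" {
  vpc_id = "vpc-PLACEHOLDER"
  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.0/24"]          # placeholder: on-premises API range
  }
}
resource "aws_lambda_function" "api_client" {
  function_name = "onprem-api-client"
  role          = "arn:aws:iam::123456789012:role/PLACEHOLDER"  # needs ENI permissions (AWSLambdaVPCAccessExecutionRole)
  runtime       = "python3.12"
  handler       = "handler.main"
  filename      = "handler.zip"
  vpc_config {                                # this is what moves the function into the VPC
    subnet_ids         = [aws_subnet.lambda_private.id]
    security_group_ids = [aws_security_group.lambda.id]
  }
}
output "firewall_allow_ip" { value = aws_eip.lambda_egress.public_ip }
```

`terraform output firewall_allow_ip` prints the single address to hand to the firewall team; if the NAT Gateway were placed in the private subnet instead of the public one, the function would lose all outbound connectivity rather than get a wrong source IP.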