
I have a Lambda in VPC-1 trying to access a SQL database which is hosted inside an EC2 instance in VPC-2. How should I establish a connection between the Lambda (VPC-1) and the SQL DB (VPC-2) using a VPC endpoint? What configuration do I need to do in infrastructure and code?

I don't want to do VPC peering as it is not allowed in my organization.


You can utilize AWS PrivateLink along with a VPC endpoint.

  1. Create a Network Load Balancer (NLB) in VPC-2:

Deploy an NLB in the same subnet as your EC2 instance hosting the SQL database. Configure the NLB to forward traffic to the EC2 instance.

  2. Create an AWS PrivateLink Endpoint Service (VPC Endpoint Service) in VPC-2:

Associate this service with the NLB. This service will create an endpoint network interface in VPC-2 that can be accessed from VPC-1.

  3. Create an Interface VPC Endpoint in VPC-1:

This is the endpoint through which your Lambda function will communicate. The service name should be the one created in VPC-2. Ensure that the security group attached to this endpoint allows outbound traffic to the NLB in VPC-2.

  4. Security Group Configuration:

Modify the security group of your EC2 instance to allow incoming SQL traffic (port 1433 for SQL Server) from the NLB. Adjust the security group of the NLB to allow traffic from the VPC endpoint in VPC-1.

Then, in your Lambda function's code, modify the database connection string to point to the DNS name of the VPC endpoint service in VPC-2.
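The four infrastructure steps above and the connection-string step, expressed as one Terraform configuration. This is an added example, not code from the original answer. It assumes both VPCs live in one AWS account, that SQL Server listens on TCP 1433 on the instance, and that the NLB security-group arguments (including `enforce_security_group_inbound_rules_on_private_link_traffic`) are available in your AWS provider (5.x); the variable names, the use of VPC-1's CIDR as the source the NLB sees for PrivateLink traffic, and the output name are my assumptions, not anything the answer states.

```hcl
# Added example (not the answer's own code); names and variables are illustrative.
variable "vpc1_id"         { type = string }       # Lambda side
variable "vpc1_cidr"       { type = string }       # e.g. "10.1.0.0/16"
variable "vpc1_subnet_ids" { type = list(string) }
variable "vpc2_id"         { type = string }       # database side
variable "vpc2_subnet_id"  { type = string }       # subnet holding the SQL instance
variable "sql_instance_id" { type = string }

data "aws_caller_identity" "current" {}

resource "aws_security_group" "nlb" {   # VPC-2: in front of the EC2-hosted SQL Server
  vpc_id = var.vpc2_id
  ingress {                 # PrivateLink traffic arrives from VPC-1's endpoint ENIs (assumption)
    from_port   = 1433
    to_port     = 1433
    protocol    = "tcp"
    cidr_blocks = [var.vpc1_cidr]
  }
  egress {                  # the instance SG below is the real choke point
    from_port   = 1433
    to_port     = 1433
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "sql_instance" {
  vpc_id = var.vpc2_id
  ingress {                 # 1433 only from the NLB, never from the whole VPC
    from_port       = 1433
    to_port         = 1433
    protocol        = "tcp"
    security_groups = [aws_security_group.nlb.id]
  }
}

resource "aws_lb" "sql" {
  load_balancer_type = "network"
  internal           = true
  subnets            = [var.vpc2_subnet_id]
  security_groups    = [aws_security_group.nlb.id]
  # Without this the NLB's inbound rules are skipped for PrivateLink traffic (assumes provider 5.x)
  enforce_security_group_inbound_rules_on_private_link_traffic = "on"
}

resource "aws_lb_target_group" "sql" {
  port        = 1433
  protocol    = "TCP"
  target_type = "instance"
  vpc_id      = var.vpc2_id
}

resource "aws_lb_target_group_attachment" "sql" {
  target_group_arn = aws_lb_target_group.sql.arn
  target_id        = var.sql_instance_id
}

resource "aws_lb_listener" "sql" {
  load_balancer_arn = aws_lb.sql.arn
  port              = 1433
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.sql.arn
  }
}

# Endpoint service: only this account may create endpoints against it
resource "aws_vpc_endpoint_service" "sql" {
  acceptance_required        = false   # true plus aws_vpc_endpoint_connection_accepter for cross-account use
  network_load_balancer_arns = [aws_lb.sql.arn]
  allowed_principals         = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
}

resource "aws_security_group" "sql_client" {   # VPC-1: shared by the endpoint ENIs and the Lambda
  vpc_id = var.vpc1_id
  ingress {                 # endpoint ENIs accept 1433 only from group members (the Lambda)
    from_port = 1433
    to_port   = 1433
    protocol  = "tcp"
    self      = true
  }
  egress {
    from_port = 1433
    to_port   = 1433
    protocol  = "tcp"
    self      = true
  }
}

resource "aws_vpc_endpoint" "sql" {
  vpc_id             = var.vpc1_id
  service_name       = aws_vpc_endpoint_service.sql.service_name
  vpc_endpoint_type  = "Interface"
  subnet_ids         = var.vpc1_subnet_ids
  security_group_ids = [aws_security_group.sql_client.id]
}

output "sql_endpoint_dns" {
  value = aws_vpc_endpoint.sql.dns_entry[0].dns_name   # hand to the Lambda, e.g. as DB_HOST
}
```

Attach the Lambda to `var.vpc1_subnet_ids` with `aws_security_group.sql_client` and pass `sql_endpoint_dns` in as its database host; that regional endpoint name is the only thing the function should dial, since a self-hosted endpoint service gets no private DNS name unless you verify a domain for it. Two checks worth doing before calling it done: confirm with VPC Flow Logs that the source the NLB actually sees for PrivateLink traffic matches the CIDR you allowed on its security group, and keep TLS on in the connection string (for SQL Server, `Encrypt=yes` with a trusted certificate), because PrivateLink keeps the traffic off the internet but does not encrypt it.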
