you can utilize AWS PrivateLink along with a VPC Endpoint.
- Create a Network Load Balancer (NLB) in VPC-2:
  - Deploy an NLB in the same subnet as your EC2 instance hosting the SQL database.
  - Configure the NLB to forward traffic to the EC2 instance.
- Create an AWS PrivateLink Endpoint Service (VPC Endpoint Service) in VPC-2:
  - Associate this service with the NLB.
  - This service will create an endpoint network interface in VPC-2 that can be accessed from VPC-1.
- Create an Interface VPC Endpoint in VPC-1:
  - This is the endpoint through which your Lambda function will communicate.
  - The service name should be the one created in VPC-2.
  - Ensure that the security group attached to this endpoint allows outbound traffic to the NLB in VPC-2.
- Security Group Configuration:
  - Modify the security group of your EC2 instance to allow incoming SQL traffic (port 1433 for SQL Server) from the NLB.
  - Adjust the security group of the NLB to allow traffic from the VPC endpoint in VPC-1.

Then in your Lambda function's code, modify the database connection string to point to the DNS name of the VPC endpoint service in VPC-2.
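The four steps above, written out as a Terraform configuration so the moving parts and the security-group relationships are explicit. This is an added example, not code from the answer above or from AWS. It assumes both VPCs live in one AWS account, that the SQL Server instance (TCP/1433) and the Lambda function's security group already exist, and that the AWS provider is 5.x or later (needed for security groups on NLBs). Every id and CIDR is a placeholder supplied through variables; the variable and resource names are hypothetical.

```hcl
# Added example (not from the original answer): PrivateLink path from a Lambda
# function in VPC-1 to a SQL Server EC2 instance in VPC-2.
# Assumptions: single AWS account, both VPCs in the same region, existing SQL
# instance and Lambda security group. All ids/CIDRs below are placeholders.

variable "vpc1_id"            { type = string }        # VPC hosting the Lambda function
variable "vpc1_cidr"          { type = string }        # e.g. "10.1.0.0/16" (placeholder)
variable "vpc1_subnet_ids"    { type = list(string) }  # subnets for the endpoint ENIs
variable "lambda_sg_id"       { type = string }        # SG attached to the Lambda ENIs
variable "vpc2_id"            { type = string }        # VPC hosting the SQL Server instance
variable "vpc2_subnet_ids"    { type = list(string) }  # subnet(s) of the SQL instance
variable "sql_instance_id"    { type = string }        # EC2 instance running SQL Server
variable "sql_instance_sg_id" { type = string }        # SG already attached to that instance

data "aws_caller_identity" "current" {}

# Step 1: internal NLB in VPC-2 forwarding TCP/1433 to the SQL Server instance.
# Its SG admits only traffic arriving via the interface endpoint (VPC-1 addresses)
# and may only talk to the SQL instance's SG.
resource "aws_security_group" "nlb" {
  name   = "sql-privatelink-nlb"
  vpc_id = var.vpc2_id
  ingress {
    from_port   = 1433
    to_port     = 1433
    protocol    = "tcp"
    cidr_blocks = [var.vpc1_cidr] # endpoint ENIs in VPC-1 are the only callers
  }
  egress {
    from_port       = 1433
    to_port         = 1433
    protocol        = "tcp"
    security_groups = [var.sql_instance_sg_id]
  }
}

resource "aws_lb" "sql" {
  name               = "sql-privatelink-nlb"
  internal           = true
  load_balancer_type = "network"
  subnets            = var.vpc2_subnet_ids
  security_groups    = [aws_security_group.nlb.id]
}

resource "aws_lb_target_group" "sql" {
  name        = "sql-server-1433"
  port        = 1433
  protocol    = "TCP"
  target_type = "instance"
  vpc_id      = var.vpc2_id
}

resource "aws_lb_target_group_attachment" "sql" {
  target_group_arn = aws_lb_target_group.sql.arn
  target_id        = var.sql_instance_id
  port             = 1433
}

resource "aws_lb_listener" "sql" {
  load_balancer_arn = aws_lb.sql.arn
  port              = 1433
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.sql.arn
  }
}

# Step 2: endpoint service in VPC-2, fronted by the NLB. Connections must be
# accepted explicitly and only this account may request them.
resource "aws_vpc_endpoint_service" "sql" {
  acceptance_required        = true
  network_load_balancer_arns = [aws_lb.sql.arn]
  allowed_principals         = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
}

# Step 3: interface endpoint in VPC-1. Its SG accepts 1433 only from the
# Lambda function's SG; security groups are stateful, so return traffic needs no rule.
resource "aws_security_group" "endpoint" {
  name   = "sql-privatelink-endpoint"
  vpc_id = var.vpc1_id
  ingress {
    from_port       = 1433
    to_port         = 1433
    protocol        = "tcp"
    security_groups = [var.lambda_sg_id]
  }
}

resource "aws_vpc_endpoint" "sql" {
  vpc_id              = var.vpc1_id
  service_name        = aws_vpc_endpoint_service.sql.service_name
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.vpc1_subnet_ids
  security_group_ids  = [aws_security_group.endpoint.id]
  private_dns_enabled = false
}

# Because acceptance_required is true, approve this one connection in code.
resource "aws_vpc_endpoint_connection_accepter" "sql" {
  vpc_endpoint_service_id = aws_vpc_endpoint_service.sql.id
  vpc_endpoint_id         = aws_vpc_endpoint.sql.id
}

# Step 4: the SQL instance admits 1433 only from the NLB's security group.
resource "aws_vpc_security_group_ingress_rule" "sql_from_nlb" {
  security_group_id            = var.sql_instance_sg_id
  from_port                    = 1433
  to_port                      = 1433
  ip_protocol                  = "tcp"
  referenced_security_group_id = aws_security_group.nlb.id
}

# Host name the Lambda connection string should use (e.g. via an environment variable).
output "sql_endpoint_dns_name" {
  value = aws_vpc_endpoint.sql.dns_entry[0].dns_name
}
```

The `sql_endpoint_dns_name` output is the value to place in the Lambda function's connection string. Keeping `acceptance_required = true` with a narrow `allowed_principals` list means no other account can attach to the service, and chaining the security groups (Lambda SG to endpoint SG, endpoint addresses to NLB SG, NLB SG to the instance SG) keeps port 1433 reachable only along this path.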