How do I discover the local IP address or ENI of a running AWS Lambda?

I am trying to discover the VPC IP address or AWS ENI of the currently executing AWS Lambda so that I can use the IP address to filter the VPC logs to find matching records. The Lambda is running in a VPC and does not have a public IP address.

I have tried various techniques suggested here:

Finding local IP addresses using Python's stdlib

but these do not work for me because I think they are showing the IP address of the container from the container's point of view and not the VPC's point of view.

Piranesi answered 10/9, 2019 at 1:34 Comment(3)
Unless the IP you're getting is 127.0.0.1 or 0.0.0.0, I actually think the IP you'd get from the procedure outlined in the link you posted is the IP you need, since it would be the IP of the machine within the VPC. Unless of course you have a more complicated setup with multiple subnets or something of the sort in there, but you made no mention of this. – Fidgety
Are you expecting the IP address as a key to find the current AWS Lambda logs? – Paean
I'm also trying to figure this out because we had a LAMBDA failing mysteriously with connection issues because one of the subnets did not have its access configured correctly. If I could log what IP the LAMBDA is using then I could determine its subnet in the VPC and better diagnose problems stemming from that. – Commendatory

A partial answer is that an ENI is set up when the lambda was created rather than each time it is run. It seems, but I am not sure, that lambdas running in the same VPC with the same security group share the same ENI. So, strictly speaking, I don't need to discover the IP address at runtime from code in the lambda itself. Rather, I can just inspect the Network Interfaces console to discover the lambda ENI and use that for my filtering purposes (provided, of course, that there is not too much traffic from other lambdas running on the same network interface).

Piranesi answered 10/9, 2019 at 1:44 Comment(0)

Our solution for this was to generate a private API within the VPC, with a mock response that will tell you the private IP address you called from. Then query the EC2 DescribeNetworkInterfaces API based on that private IP.

Since this is time expensive, we only run it on a cold start, not on every lambda run.

Metallophone answered 10/8, 2020 at 14:31 Comment(0)

You can use the AWS CLI to get the private IPs of the ENIs used by Lambda.

aws ec2 describe-network-interfaces --filters Name=interface-type,Values=lambda --query "NetworkInterfaces[].{NetworkInterfaceId: NetworkInterfaceId, PrivateIpAddresses: PrivateIpAddresses}"

Example output:

[
    {
        "NetworkInterfaceId": "eni-xxx",
        "PrivateIpAddresses": [
            {
                "Primary": true,
                "PrivateDnsName": "ip-10-0-1-2.eu-central-1.compute.internal",
                "PrivateIpAddress": "10.0.1.2"
            }
        ]
    },
    {
        "NetworkInterfaceId": "eni-yyy",
        "PrivateIpAddresses": [
            {
                "Primary": true,
                "PrivateDnsName": "ip-10-0-1-3.eu-central-1.compute.internal",
                "PrivateIpAddress": "10.0.1.3"
            }
        ]
    },
    {
        "NetworkInterfaceId": "eni-zzz",
        "PrivateIpAddresses": [
            {
                "Primary": true,
                "PrivateDnsName": "ip-10-0-1-4.eu-central-1.compute.internal",
                "PrivateIpAddress": "10.0.1.4"
            }
        ]
    }
]
Cates answered 28/8, 2024 at 10:24 Comment(0)
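
Added example (not code from any of the posts above): the DescribeNetworkInterfaces lookup from the two preceding answers, done once per cold start and then used to pick the matching records out of default-format VPC flow logs. How the function learns its VPC-side private IP is left to the caller; the names `find_lambda_eni`, `cached_lambda_eni`, `flow_records_for_eni` and `StubEC2` are hypothetical, and the flow log lines are constructed.

```python
# Default (version 2) VPC Flow Logs field order.
FLOW_FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
               "protocol packets bytes start end action log_status").split()
ENI_CACHE = {}  # module-level, so it survives warm invocations and is filled on cold start

def find_lambda_eni(ec2, private_ip):
    """Return the ID of the Lambda-type ENI that owns private_ip, or None."""
    resp = ec2.describe_network_interfaces(Filters=[
        {"Name": "interface-type", "Values": ["lambda"]},
        {"Name": "addresses.private-ip-address", "Values": [private_ip]},
    ])
    for eni in resp["NetworkInterfaces"]:
        if any(a["PrivateIpAddress"] == private_ip
               for a in eni.get("PrivateIpAddresses", [])):
            return eni["NetworkInterfaceId"]
    return None

def cached_lambda_eni(ec2, private_ip):
    """Call EC2 once per private IP; later invocations reuse the cached answer."""
    if private_ip not in ENI_CACHE:
        ENI_CACHE[private_ip] = find_lambda_eni(ec2, private_ip)
    return ENI_CACHE[private_ip]

def flow_records_for_eni(lines, eni_id):
    """Parse default-format flow log lines and keep those recorded on eni_id."""
    records = []
    for line in lines:
        parts = line.split()
        if len(parts) != len(FLOW_FIELDS):
            continue  # custom-format or truncated record: skip rather than misparse
        rec = dict(zip(FLOW_FIELDS, parts))
        if rec["interface_id"] == eni_id:
            records.append(rec)
    return records

class StubEC2:
    """Constructed stand-in for boto3.client("ec2"); ignores Filters, returns sample ENIs."""
    def __init__(self):
        self.calls = 0
    def describe_network_interfaces(self, Filters):
        self.calls += 1
        sample = [("eni-xxx", "10.0.1.2"), ("eni-yyy", "10.0.1.3"), ("eni-zzz", "10.0.1.4")]
        return {"NetworkInterfaces": [
            {"NetworkInterfaceId": eni, "PrivateIpAddresses": [{"PrivateIpAddress": ip}]}
            for eni, ip in sample]}

SAMPLE_FLOW = [  # constructed records, not real traffic
    "2 123456789012 eni-yyy 10.0.1.3 10.0.2.15 44321 5432 6 10 840 1600000000 1600000060 ACCEPT OK",
    "2 123456789012 eni-xxx 10.0.1.2 10.0.2.15 44400 5432 6 8 640 1600000000 1600000060 ACCEPT OK",
    "2 123456789012 eni-yyy 10.0.1.3 10.0.3.20 44322 443 6 3 180 1600000000 1600000060 REJECT OK",
]
```

In a real function, pass `boto3.client("ec2")` instead of the stub; the execution role then needs `ec2:DescribeNetworkInterfaces`.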
