Here’s another gotcha that I discovered for myself this week. When you deploy a Lambda in your VPC, it uses up an IP address whenever it runs. If your Lambda runs more than one instance at the same time, it will use up multiple IP addresses. As you can guess, with a heavily used Lambda you can quickly use up your available IP addresses.
Our current thought process to resolve this issue is to create a new VPC just for Lambdas that will be peered to our current VPC. This would allow us to give it a large IP range outside of our current CIDRs and still allow us to secure our Lambdas and Elasticsearch. Hopefully this will work. I’m starting work on the proof of concept and will write a follow-up with more details soon.