AWS Lambda function via Function URL invoke only within VPC

I have a Lambda function in AWS inside a VPC. I want to attach an HTTP handler (function URL).

The problem is, if I enable the function URL then it creates a public endpoint.

Alternatives I don't want to use

  • enable AWS_IAM security (then the caller will need to use the AWS SDK and get a token and all)
  • API gateway trigger (I am already using API gateway as a proxy to Kubernetes Ingress, I don't want to diverge from that)
  • ALB (I am already using k8s ingress, which creates ALB, so I want the proxy to be created manually by code, not using lambda configuration)

Is there a way we can create an AWS Lambda function URL that is accessible only within the VPC, without involving the AWS SDK? (like wget URL)



Solution 1:[1]

In our org, we ended up going with an internal-only ALB and we enabled MultiValueQueryStringParameters to pass data into the Lambda function and to execute it. This is the only way I could find to provide an internal-only URL that I could further protect with a security group. I couldn't figure out how to make Lambda URLs internal-only.
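A sketch of the Lambda side of the internal-ALB setup described in the answer above, added here as an example and not taken from the answer's author. It assumes the target group has multi-value headers enabled, so the event carries `multiValueQueryStringParameters`; the target group ARN is a placeholder and the `id` query parameter is hypothetical.

```python
import json
from http import HTTPStatus
from urllib.parse import unquote_plus

# Assumption: placeholder ARN for the internal ALB's target group (not from the page).
EXPECTED_TARGET_GROUP_ARN = (
    "arn:aws:elasticloadbalancing:us-east-1:111122223333:"
    "targetgroup/internal-lambda-tg/0123456789abcdef"
)


def _response(status, payload):
    # With multi-value headers enabled, the ALB expects "multiValueHeaders"
    # in the response rather than "headers".
    return {
        "statusCode": status,
        "statusDescription": f"{status} {HTTPStatus(status).phrase}",
        "isBase64Encoded": False,
        "multiValueHeaders": {"Content-Type": ["application/json"]},
        "body": json.dumps(payload),
    }


def handler(event, context):
    # Sanity check, not authentication: the network boundary is the internal
    # ALB's security group. This only rejects events that did not come
    # through the expected target group.
    elb = (event.get("requestContext") or {}).get("elb") or {}
    if elb.get("targetGroupArn") != EXPECTED_TARGET_GROUP_ARN:
        return _response(403, {"error": "unexpected invoker"})

    # The ALB forwards query strings without URL-decoding them.
    raw = event.get("multiValueQueryStringParameters") or {}
    params = {unquote_plus(k): [unquote_plus(v) for v in vs] for k, vs in raw.items()}

    # Hypothetical parameter "id": accept one or more ASCII integers only.
    ids = params.get("id", [])
    if not ids or not all(i.isascii() and i.isdigit() for i in ids):
        return _response(400, {"error": "id must be one or more integers"})
    return _response(200, {"ids": [int(i) for i in ids]})


# Constructed sample event, shaped like GET /?id=7&id=42&note=a%20b via the ALB.
SAMPLE_EVENT = {
    "requestContext": {"elb": {"targetGroupArn": EXPECTED_TARGET_GROUP_ARN}},
    "httpMethod": "GET",
    "path": "/",
    "multiValueQueryStringParameters": {"id": ["7", "42"], "note": ["a%20b"]},
    "isBase64Encoded": False,
    "body": "",
}
```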

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Michael Reilly