So I have a very confusing issue that I don't know how to solve. My setup is API Gateway -> Lambda -> IoT Core. I set up the code and it works fine from my IDE. I deploy it to AWS, and my connection to AWS times out.
The Lambda is in a single subnet and the subnet does have a default route to an IGW. I did a test, and the Lambda function can resolve the IP of my IoT endpoint to a public IP (54.x.x.x). But the connect() method times out. My security group for the Lambda function is set up to allow all incoming / outgoing.
What am I missing? Why can't I get to IoT Core from inside a VPC with an IGW configured that seems to be working? Any direction would be greatly appreciated.
UPDATE
After playing around with many different things, I can't identify what exactly I had messed up with my configuration. But following the accepted answer I ended up with the following setup which appears to work for what I need.
- subnet-1 10.14.10.0/24 (auto-assign-public=false)
  - local route (10.14.0.0/16) and default route=nat-gateway
- subnet-2 10.14.20.0/24 (auto-assign-public=false)
  - local route (10.14.0.0/16) and default route=nat-gateway
- subnet-3 10.14.30.0/24 (auto-assign-public=false)
  - local route (10.14.0.0/16) and default route=nat-gateway
- subnet-4 10.14.40.0/24 (auto-assign-public=false)
  - local route (10.14.0.0/16) and default route=nat-gateway
- subnet-5 10.14.200.0/24 (auto-assign-public=true)
  - local route (10.14.0.0/16) and default route=igw
- nat-gateway
  - in subnet-5
I don't know if this is what I intended, but this is what I was looking for: a series of subnets that are not publicly accessible, but have an internet connection for access to other AWS services. So my Lambda resources, ECS, etc. can sit privately and access what they need.
Thank you everyone for the information.
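The following is an added example, not code from the poster or any answer on this page. It encodes the routing rule behind the working setup above as an offline check: a VPC-attached Lambda needs its subnet's default route to point at a NAT gateway, and that NAT gateway must itself sit in a subnet whose default route is an IGW. The subnet names and CIDRs are taken from the UPDATE; the route-table entries, the extra "subnet-broken" subnet (modelled on the original failing configuration), and IDs such as `igw-0example` and `nat-0example` are constructed and are not real AWS resources. The dictionaries only mirror the shape of EC2 DescribeSubnets / DescribeRouteTables / DescribeNatGateways responses so the same functions could be fed real output later.

```python
"""Offline check for the 'Lambda in a VPC cannot reach the internet' pattern.

All data below is constructed for illustration (not real AWS output). The
subnet layout follows the question's UPDATE; "subnet-broken" reproduces the
original configuration where the Lambda subnet routed 0.0.0.0/0 to an IGW.
"""

# Constructed: shape of DescribeSubnets output, keyed by subnet name.
SUBNETS = {
    "subnet-1": {"CidrBlock": "10.14.10.0/24", "MapPublicIpOnLaunch": False},
    "subnet-2": {"CidrBlock": "10.14.20.0/24", "MapPublicIpOnLaunch": False},
    "subnet-3": {"CidrBlock": "10.14.30.0/24", "MapPublicIpOnLaunch": False},
    "subnet-4": {"CidrBlock": "10.14.40.0/24", "MapPublicIpOnLaunch": False},
    "subnet-5": {"CidrBlock": "10.14.200.0/24", "MapPublicIpOnLaunch": True},
    # Hypothetical subnet mirroring the original, failing setup.
    "subnet-broken": {"CidrBlock": "10.14.50.0/24", "MapPublicIpOnLaunch": False},
}

# Constructed: shape of DescribeRouteTables output. IDs are placeholders.
ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-private",
        "Associations": [{"SubnetId": s} for s in ("subnet-1", "subnet-2", "subnet-3", "subnet-4")],
        "Routes": [
            {"DestinationCidrBlock": "10.14.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"},
        ],
    },
    {
        "RouteTableId": "rtb-public",
        "Associations": [{"SubnetId": "subnet-5"}],
        "Routes": [
            {"DestinationCidrBlock": "10.14.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"},
        ],
    },
    {
        "RouteTableId": "rtb-broken",
        "Associations": [{"SubnetId": "subnet-broken"}],
        "Routes": [
            {"DestinationCidrBlock": "10.14.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"},
        ],
    },
]

# Constructed: shape of DescribeNatGateways output (NAT gateway -> its subnet).
NAT_GATEWAYS = {"nat-0example": {"SubnetId": "subnet-5"}}


def route_table_for(subnet_id):
    """Return the route table explicitly associated with a subnet, or None.
    (A real account would fall back to the VPC main route table here.)"""
    for rtb in ROUTE_TABLES:
        if any(a.get("SubnetId") == subnet_id for a in rtb["Associations"]):
            return rtb
    return None


def default_route_target(rtb):
    """Return the target of the 0.0.0.0/0 route (gateway or NAT id), or None."""
    for route in rtb["Routes"]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("GatewayId") or route.get("NatGatewayId")
    return None


def check_lambda_subnet(subnet_id):
    """Return a list of findings for a subnet that hosts Lambda ENIs needing
    outbound internet (e.g. to the IoT Core endpoint). Empty list == OK."""
    findings = []
    rtb = route_table_for(subnet_id)
    if rtb is None:
        return [f"{subnet_id}: no explicit route table association"]
    target = default_route_target(rtb)
    if target is None:
        findings.append(f"{subnet_id}: no 0.0.0.0/0 route; outbound traffic has nowhere to go")
    elif target.startswith("igw-"):
        # Lambda ENIs never receive a public IP, even with auto-assign enabled,
        # so an IGW cannot forward their traffic and connect() simply times out.
        findings.append(f"{subnet_id}: default route is {target}; Lambda ENIs have no public IP, "
                        "so traffic via an IGW is dropped")
    elif target.startswith("nat-"):
        # The NAT gateway must live in a subnet that can itself reach the IGW;
        # otherwise (including NAT in the Lambda subnet) there is no path out.
        nat_subnet = NAT_GATEWAYS.get(target, {}).get("SubnetId")
        nat_rtb = route_table_for(nat_subnet) if nat_subnet else None
        nat_target = default_route_target(nat_rtb) if nat_rtb else None
        if not (nat_target and nat_target.startswith("igw-")):
            findings.append(f"{subnet_id}: {target} is in {nat_subnet}, whose default route is not an IGW")
    else:
        findings.append(f"{subnet_id}: unexpected default route target {target}")
    return findings


if __name__ == "__main__":
    for name in SUBNETS:
        print(name, check_lambda_subnet(name) or "OK")
```

Running it reports subnets 1 to 4 as OK and flags both `subnet-broken` and `subnet-5`: the second case shows that moving the Lambda into the public subnet does not help either, because the auto-assign-public flag never applies to Lambda ENIs.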