
Not sure if I understand what you're after, but AWS offers private API Gateways now.


Echo <-> Lambda <-> ?? <-> Home Network

For ?? I've tried just making the lambda directly connect to an open port, but this requires me to open the router to quite a large range since lambdas don't have static IPs.

I'd like a VPN in ?? I have that for my phone.

As I dig into VPC and such it seems like it almost requires an EC2 endpoint for me to VPN into from my network which will NAT the request?

I'd like to not have to pay for an EC2 instance.


You should be able to set up a VPN from AWS to your home. The lambda can be assigned to the VPC, then you set up a virtual private gateway, a customer gateway (which points at the public IP of your home VPN endpoint), and a VPN connection. If you don't have BGP for routing, then you'll need to set up the static route on the subnet the lambda was assigned to. I haven't done this exact thing before, but it should work.


This should help you: https://gist.github.com/reggi/dc5f2620b7b4f515e68e46255ac042...

Once you have your lambda running inside a VPC, you can assign an elastic IP to the VPC. You don't need an EC2 instance, but you will need a NAT gateway, which is billed at similar levels to a small EC2 instance anyway.


Hrmmm perhaps I'll just have to develop something with single packet encrypted port knocking perhaps. ~$36 a month is out of my price range for something that is like 100k bytes a month (say having an Echo skill that can control Home Assistant)...


Can’t you open up an SSH tunnel from the lambda? I think there are Python clients if OpenSSH isn’t available in lambda instances (anyone know which binaries are available? I suppose it’s quite a barebones Linux container)


I guess I don't want a socket listening. If AWS would publish their subnets maybe I could limit it to those addresses. It sure seems like they could keep their subnets dynamic and accommodate something like this but I guess not.



Nice! Okay hrmmm


Not sure about Lambda, but the Firebase equivalent can make outgoing requests. You can set up challenge/response auth and then have a gateway controller in your network using that.
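
A sketch of the challenge/response idea from the comment above, added here as an example and not code posted by anyone in the thread. The `Gateway` class, the `sign` helper, the 30-second nonce lifetime and the command strings are all hypothetical; it assumes the cloud function and the home gateway share a pre-provisioned secret key.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL_SECONDS = 30  # assumed lifetime for an unanswered challenge


class Gateway:
    """Hypothetical controller running inside the home network."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self._pending = {}  # nonce -> expiry timestamp

    def issue_challenge(self, now=None) -> bytes:
        now = time.time() if now is None else now
        nonce = secrets.token_bytes(32)
        self._pending[nonce] = now + NONCE_TTL_SECONDS
        return nonce

    def verify(self, nonce: bytes, command: bytes, tag: bytes, now=None) -> bool:
        now = time.time() if now is None else now
        # pop() makes every nonce single-use, so a captured response cannot be replayed
        expiry = self._pending.pop(nonce, None)
        if expiry is None or now > expiry:
            return False
        # constant-time comparison avoids leaking how many tag bytes matched
        return hmac.compare_digest(sign(self._key, nonce, command), tag)


def sign(key: bytes, nonce: bytes, command: bytes) -> bytes:
    """Bind the response to both the challenge and the requested command."""
    # the nonce has a fixed length (32 bytes), so nonce || command is unambiguous
    return hmac.new(key, nonce + command, hashlib.sha256).digest()


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed shared secret
    gw = Gateway(key)
    cmd = b"light.living_room:on"  # constructed sample command
    n1 = gw.issue_challenge(now=1000.0)
    tag = sign(key, n1, cmd)
    results = {"valid": gw.verify(n1, cmd, tag, now=1001.0)}
    results["replayed"] = gw.verify(n1, cmd, tag, now=1002.0)
    n2 = gw.issue_challenge(now=1000.0)
    results["tampered"] = gw.verify(n2, b"lock.front_door:unlock", sign(key, n2, cmd), now=1001.0)
    n3 = gw.issue_challenge(now=1000.0)
    results["expired"] = gw.verify(n3, cmd, sign(key, n3, cmd), now=1000.0 + NONCE_TTL_SECONDS + 1)
    return results
```

The tag covers the command as well as the nonce, so a valid response for one action cannot be reattached to a different one.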



