An AWS Lambda is a function that runs on servers. It can be configured to run either inside the VPC or on AWS servers.

No matter what, the server on which the Lambda function runs has 3 IP addresses: 127.0.0.1 and 2 APIPA (169.254.x.x) addresses.

If it's configured to run on AWS servers, by default, it has full access to the Internet. If it's configured to run within the VPC, it does not have access to the Internet.

Therefore, to give a Lambda function that runs within the VPC access to the Internet, the VPC needs to have a public subnet that routes 0.0.0.0/0 traffic to the Internet (through an Internet gateway). It then also needs a private subnet that the Lambda function resides in.

A NAT gateway or a NAT EC2 instance needs to be set up in the VPC's public subnet. Then, a route table needs to be defined in the VPC that is associated with the private subnet and routes 0.0.0.0/0 traffic to the NAT gateway/instance. Security rules need to be in place on the Lambda function so that traffic can get out.

This will then allow the Lambda function to route Internet-destined traffic through the NAT gateway/instance in the VPC's public subnet, and from there out through the Internet gateway.
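
The checks described above can be run as an audit against route table, NAT gateway and security group data. The following is an added example, not code from the original page: the sample data is constructed and pared down to the fields used, in the shape of the EC2 `DescribeRouteTables`, `DescribeNatGateways` and `DescribeSecurityGroups` responses. It assumes a NAT gateway (not a NAT instance) and explicit subnet associations (no fallback to the main route table), and all IDs are placeholders.

```python
# Constructed sample data; IDs are placeholders, not real resources.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-example", "SubnetId": "subnet-public"}]
LAMBDA_SG = {"IpPermissionsEgress": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}


def default_route(subnet_id, route_tables):
    """Return the 0.0.0.0/0 route of the table associated with subnet_id, or None."""
    for table in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in table.get("Associations", [])):
            for route in table.get("Routes", []):
                if route.get("DestinationCidrBlock") == "0.0.0.0/0":
                    return route
    return None


def check_lambda_egress(subnet_id, route_tables, nat_gateways, security_group):
    """List the reasons a Lambda in subnet_id cannot reach the Internet (empty = OK)."""
    problems = []
    route = default_route(subnet_id, route_tables)
    if route is None:
        problems.append("lambda subnet has no 0.0.0.0/0 route")
    elif (route.get("GatewayId") or "").startswith("igw-"):
        # A VPC Lambda interface has no public IP, so an IGW route alone is not enough.
        problems.append("lambda subnet is public; route it through a NAT instead")
    else:
        nat = next((n for n in nat_gateways
                    if n["NatGatewayId"] == route.get("NatGatewayId")), None)
        if nat is None:
            problems.append("default route does not point at a known NAT gateway")
        else:
            nat_route = default_route(nat["SubnetId"], route_tables)
            if not (nat_route and (nat_route.get("GatewayId") or "").startswith("igw-")):
                problems.append("NAT gateway subnet has no route to an Internet gateway")
    if not any(r.get("CidrIp") == "0.0.0.0/0"
               for p in security_group.get("IpPermissionsEgress", [])
               for r in p.get("IpRanges", [])):
        problems.append("security group has no egress rule to 0.0.0.0/0")
    return problems
```

An empty list means every hop from the Lambda's subnet to the Internet gateway is in place; each string names the first missing piece on that path.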