Engineering · 2021

Static Egress IP for AWS Lambda (SAM)

Overview

A SAM-based reference for giving an AWS Lambda function a fixed outbound (static) IP address by routing it through a VPC with a NAT Gateway and Elastic IP. Adapted from a well-known public example and used as a working pattern for IP-whitelisting integrations.

Why It Exists

Many partner APIs and banking/enterprise integrations require traffic to originate from a known, whitelisted IP. Lambda’s default ephemeral egress makes that impossible. This repo captures the canonical networking pattern that solves it, ready to deploy.

What We Built

An open-api.yaml-described API fronting a static-ip-lambda (under lambdas/), with a template.yaml that provisions the full network path: a VPC, public + private subnets, an Internet Gateway, a NAT Gateway with an Elastic IP, route tables, an API Gateway, the Lambda, and its IAM role. Outputs surface a test endpoint and the resulting static IP. Includes parameters.json, packaged templates, and npm run deploy tooling.

Technologies & Approach

AWS SAM/CloudFormation infrastructure-as-code in Node.js. The Lambda runs inside the private subnet; outbound traffic is forced through the NAT Gateway’s Elastic IP, yielding a single, stable egress IP that partners can whitelist.
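
The egress half of that path, sketched as a SAM template. This is an added example, not the repo's template.yaml: it narrows the pattern to the NAT, route and Lambda attachment, and assumes the VPC and an Internet-Gateway-routed public subnet already exist and are passed as parameters. Parameter names, logical IDs, the CIDR range, CodeUri, handler and runtime are assumptions.

```yaml
# Added illustration, not the repo's template.yaml: only the egress half of the
# path. Parameter names, logical IDs, CIDR, CodeUri and runtime are assumptions.
Transform: AWS::Serverless-2016-10-31
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  # Must be a subnet whose route table already sends 0.0.0.0/0 to an Internet Gateway.
  PublicSubnetId:
    Type: AWS::EC2::Subnet::Id
Resources:
  # The address partners allowlist. It changes only if this resource is replaced.
  NatEip:
    Type: AWS::EC2::EIP
    Properties: { Domain: vpc }
  # The NAT Gateway sits in the PUBLIC subnet and translates to the Elastic IP.
  NatGateway:
    Type: AWS::EC2::NatGateway
    Properties: { AllocationId: !GetAtt NatEip.AllocationId, SubnetId: !Ref PublicSubnetId }
  # CIDR is an assumed free range; it must fall inside the VPC's own block.
  PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties: { VpcId: !Ref VpcId, CidrBlock: 10.0.1.0/24 }
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties: { VpcId: !Ref VpcId }
  # Default route targets the NAT Gateway, never the Internet Gateway directly.
  PrivateDefaultRoute:
    Type: AWS::EC2::Route
    Properties: { RouteTableId: !Ref PrivateRouteTable, DestinationCidrBlock: 0.0.0.0/0, NatGatewayId: !Ref NatGateway }
  PrivateAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: { SubnetId: !Ref PrivateSubnet, RouteTableId: !Ref PrivateRouteTable }
  # No ingress rules: the function only initiates connections.
  LambdaSg:
    Type: AWS::EC2::SecurityGroup
    Properties: { GroupDescription: Static-egress Lambda, VpcId: !Ref VpcId }
  StaticIpLambda:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: lambdas/static-ip-lambda/
      Handler: index.handler
      Runtime: nodejs20.x
      # Private subnet only: a Lambda attached to a public subnet has no internet path.
      VpcConfig: { SecurityGroupIds: [!Ref LambdaSg], SubnetIds: [!Ref PrivateSubnet] }
Outputs:
  StaticEgressIp:
    Value: !GetAtt NatEip.PublicIp
```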

Outcome / Impact

A reusable, deploy-ready blueprint for the recurring “Lambda needs a static IP” requirement. The same pattern later underpinned the studio’s serverless messaging service. To be clear about provenance: it is built on a public reference example, then validated and adapted for studio use.

Capabilities Demonstrated

  • Serverless VPC networking (NAT Gateway + Elastic IP) for static egress
  • IP-whitelisting solutions for partner/enterprise integrations
  • Infrastructure-as-code with AWS SAM