I have deployed an AWS Lambda function within a private subnet in a VPC. I created a VPC endpoint(s) for SageMaker in the same private subnet and then tried to do inference from SageMaker. In the route table attached to the private subnet I have an entry for the local VPC (and the S3 VPC endpoint). But the request to SageMaker times out. I have used a separate security group for the VPC endpoint and allowed all inbound traffic from the Lambda function, and the Lambda function is attached to a security group allowing all outbound traffic to the VPC endpoint security group.
When I add a 0.0.0.0/0 route to the NAT in the public subnet, it works and makes the call through the NAT. What am I missing here?
- Should I add any routes for the Sagemaker VPC endpoint in the route table?
- Or assign a public IP to the ENI of the VPC endpoint?
- Or add a route to some path to the ENI of the VPC endpoint?
Should I provide an endpoint URL when I deploy the model or predict in the Python script of the Lambda function? (I found a similar solution for a problem with the Lambda interface: they explicitly provided the endpoint_url of the VPC endpoint.)
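One check a practitioner would run from inside the Lambda before touching routes or security groups: resolve the hostname the SageMaker runtime client calls by default and see whether the answers fall inside the VPC CIDR. A private-subnet function with no NAT can only complete a TCP connect to addresses that are reachable through the local route, so if the hostname resolves only to public addresses the interface endpoint is not being used and the call hangs until the function times out. The script below is an added example written for this question, not code from the original post; the VPC CIDR, region and the interface endpoint DNS name in the usage line are assumptions (placeholders) and must be replaced with your own values. It also shows how to pin the boto3 `sagemaker-runtime` client to an explicit `endpoint_url`, which is the approach the question mentions.

```python
"""Diagnostic for a SageMaker runtime call that times out from a private subnet.

Added example, not part of the original post. Assumed values (replace them):
VPC CIDR 10.0.0.0/16, region us-east-1, and a placeholder interface-endpoint
DNS name in the __main__ block.
"""
import ipaddress
import socket

# Constructed values for illustration only.
VPC_CIDR = "10.0.0.0/16"
REGION = "us-east-1"
# Hostname the SageMaker runtime client calls when no endpoint_url is given.
RUNTIME_HOST = f"runtime.sagemaker.{REGION}.amazonaws.com"


def classify_addresses(addresses, vpc_cidr=VPC_CIDR):
    """Split resolved addresses into those inside the VPC CIDR and those outside.

    Only the first group is reachable via the "local" route of a private subnet;
    if every address is outside the VPC the SDK is talking to the public service
    endpoint and the connection needs a NAT (or a route that does not exist).
    """
    net = ipaddress.ip_network(vpc_cidr)
    inside, outside = [], []
    for addr in addresses:
        (inside if ipaddress.ip_address(addr) in net else outside).append(addr)
    return inside, outside


def resolve(hostname):
    """Resolve a hostname to its IPv4 addresses (needs network; run it inside the VPC)."""
    infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def diagnose(hostname=RUNTIME_HOST, vpc_cidr=VPC_CIDR):
    """Return a one-line verdict on where the SDK's default hostname resolves to."""
    inside, outside = classify_addresses(resolve(hostname), vpc_cidr)
    if inside:
        return f"{hostname} -> {inside}: inside {vpc_cidr}, the interface endpoint is used"
    return f"{hostname} -> {outside}: outside {vpc_cidr}, traffic needs a NAT"


def runtime_client(endpoint_url=None, region=REGION):
    """Build a SageMaker runtime client, optionally pinned to an explicit endpoint URL.

    boto3 is imported lazily so the resolution check above runs without it installed.
    """
    import boto3

    kwargs = {"region_name": region}
    if endpoint_url:
        kwargs["endpoint_url"] = endpoint_url
    return boto3.client("sagemaker-runtime", **kwargs)


if __name__ == "__main__":
    print(diagnose())
    # Hypothetical endpoint DNS name; copy the real one from the VPC endpoint's details.
    client = runtime_client(
        "https://vpce-EXAMPLE.runtime.sagemaker.us-east-1.vpce.amazonaws.com"
    )
    print(client.meta.endpoint_url)
```

If `diagnose()` reports only public addresses, the default hostname is not being answered by the interface endpoint, and either the client must be given the endpoint's own DNS name via `endpoint_url` (as above) or the endpoint's private DNS name option must be enabled so that the regional hostname resolves to the endpoint ENI inside the VPC. Note that the Lambda handler should still use the public regional host for anything that is not routed through an endpoint, so keep the pinned client specific to the runtime calls.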