I recently saw a use-case where Lambda was placed inside a VPC with a default route that pointed to another ENI (not the ENI associated with the Lambda function)
I can't seem to understand why this would be needed. Could someone please provide a use-case where this would be suitable/advised?
For example, I'm aware that having Lambda inside a private subnet whose default route points to a NAT Gateway would grant the function public internet access.
Or having no default route for the VPC function will only allow access within the local network.
Or having the default route to a transit gateway will allow a VPC peering connection where Lambda can access private resources in another VPC.
But I can't seem to wrap my head around having a default route to another ENI.
This might seem unusual, but it is used in cases where you want to route the traffic of the Lambda function through a proxy server or a firewall for monitoring, auditing, or security purposes. This other ENI could be associated with a Network Load Balancer (NLB) or an EC2 instance that is set up to handle this routing and processing of traffic.
Another potential use case is getting your Lambda traffic to reach systems located in a multi-cloud overlay network such as Aviatrix AirSpace.
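As an added example (not part of the answer above, and not AWS or Aviatrix code), here is a small audit that tells you which of the route patterns in the question a VPC-attached Lambda's subnets actually use, and flags the "default route to another ENI" case from the answer. It works on the dict shapes that `ec2.describe_route_tables` and `ec2.describe_network_interfaces` return, but is driven here by constructed sample data so it runs offline. The subnet and resource IDs are made up. The one check worth taking away: when the target is an appliance ENI, that ENI must have SourceDestCheck disabled, otherwise EC2 silently drops the packets it forwards on behalf of the function.

```python
"""Classify the 0.0.0.0/0 route of each subnet a VPC-attached Lambda uses.

Added example over the dict shapes boto3's EC2 DescribeRouteTables and
DescribeNetworkInterfaces return. Sample data below is constructed.
"""

DEFAULT_CIDR = "0.0.0.0/0"

# Route-target attribute in a DescribeRouteTables route -> label used here.
TARGET_KINDS = [
    ("NatGatewayId", "nat-gateway"),            # public internet via NAT
    ("GatewayId", "gateway"),                   # igw-*, vgw-* (or "local")
    ("TransitGatewayId", "transit-gateway"),
    ("VpcPeeringConnectionId", "vpc-peering"),
    ("NetworkInterfaceId", "network-interface"),  # proxy/firewall appliance
    ("InstanceId", "instance"),
]


def route_table_for_subnet(route_tables, subnet_id):
    """Explicitly associated table for subnet_id, else the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route_target(route_table):
    """(kind, target_id) of the default route; ("none", None) if absent."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != DEFAULT_CIDR:
            continue
        if route.get("State") == "blackhole":
            return ("blackhole", None)
        for attr, kind in TARGET_KINDS:
            if attr in route:
                return (kind, route[attr])
    return ("none", None)


def classify_lambda_egress(lambda_subnet_ids, route_tables, enis):
    """Per subnet: where the default route goes. For an ENI target, also
    record whether SourceDestCheck is disabled on that appliance ENI."""
    eni_by_id = {e["NetworkInterfaceId"]: e for e in enis}
    findings = {}
    for subnet_id in lambda_subnet_ids:
        rt = route_table_for_subnet(route_tables, subnet_id)
        if rt is None:
            findings[subnet_id] = {"kind": "no-route-table", "target": None}
            continue
        kind, target = default_route_target(rt)
        finding = {"kind": kind, "target": target}
        if kind == "network-interface":
            eni = eni_by_id.get(target)
            # Forwarding appliance must not have source/dest check enabled.
            finding["source_dest_check_disabled"] = (
                eni is not None and eni.get("SourceDestCheck") is False
            )
        findings[subnet_id] = finding
    return findings


# Constructed sample data: three subnets, one per pattern from the thread.
SAMPLE_ROUTE_TABLES = [
    {   # main table, no default route -> VPC-local access only
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
    {   # private subnet behind a NAT gateway
        "RouteTableId": "rtb-nat",
        "Associations": [{"SubnetId": "subnet-nat"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123"},
        ],
    },
    {   # subnet whose default route points at a firewall/proxy ENI
        "RouteTableId": "rtb-appliance",
        "Associations": [{"SubnetId": "subnet-fw"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": "eni-fw"},
        ],
    },
]
SAMPLE_ENIS = [{"NetworkInterfaceId": "eni-fw", "SourceDestCheck": False}]


def audit_sample():
    """Run the classifier over the constructed sample data."""
    return classify_lambda_egress(
        ["subnet-local", "subnet-nat", "subnet-fw"], SAMPLE_ROUTE_TABLES, SAMPLE_ENIS)


if __name__ == "__main__":
    for subnet, finding in audit_sample().items():
        print(subnet, finding)
```

Against a real account, replace the sample data with `ec2.describe_route_tables()["RouteTables"]`, `ec2.describe_network_interfaces()["NetworkInterfaces"]`, and the function's `get_function_configuration(...)["VpcConfig"]["SubnetIds"]`; a `network-interface` finding with `source_dest_check_disabled` false means the appliance will drop the function's egress rather than forward it.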