CPC H04L 63/10 (2013.01) [H04L 61/4511 (2022.05); H04L 63/101 (2013.01); H04L 63/108 (2013.01); H04L 63/126 (2013.01)]
20 Claims
1. A system comprising:
a cloud provider network in communication with a public internet;
an on-demand code execution service comprising a first set of one or more computing devices within a virtual private cloud of the cloud provider network, wherein the on-demand code execution service is configured to provide on-demand execution of function code;
a plurality of network-based services comprising a second set of one or more computing devices configured to provide computing services via both the cloud provider network and the public internet; and
an endpoint manager configured to provide an opt-in option for a private path to the plurality of network-based services via private internet protocol (IP) addresses not accessible via the public internet, wherein the endpoint manager comprises a third set of one or more computing devices configured to:
receive, from a function invoker, a first request to opt-in to the private path for communications from functions invoked by the function invoker on the on-demand code execution service;
receive, from the function invoker, a second request to invoke a function;
determine, based on the first request to opt-in to the private path, that all communications initiated by the invoked function to a network-based service of the plurality of network-based services are to remain within the cloud provider network until the communications reach the network-based service via the private IP addresses; and
configure the on-demand code execution service to:
execute code associated with the invoked function within a virtual execution environment of the on-demand code execution service; and
route a communication, initiated by the invoked function executing in the virtual execution environment and destined for the network-based service, to a virtual private cloud endpoint associated with the on-demand code execution service, wherein the virtual private cloud endpoint is configured to route the communication to the network-based service only via the private IP addresses such that the communication does not travel over the public internet.