how to attach ENI to lambda to test reachability to dynamodb?


I have 2 lambdas: "results" and "voting". "voting" does have an ENI attached. Lambda function "results" does have an ENI attached to it.

I used VPC Reachability Analyzer to test connectivity from the Lambda ENI "voting" to DynamoDB, and it has status 'reachable'.

I don't see how to attach an ENI to the "results" lambda. I did create an ENI but don't see the button to attach it.

Jason

I am not sure what your question is: do you want AWS Lambda to access DynamoDB, or do you want VPC Reachability Analyzer to show that AWS Lambda can reach DynamoDB?

The simplest way for your Lambda function to access DynamoDB is to configure the function to run in the service VPC (more information below). If you do this, the Lambda function will not have access to any of your private services (databases, servers) running in your VPC.

A Lambda function always runs inside a virtual private cloud (VPC) owned by the Lambda service (Let's call this an External Lambda Function). By default, a Lambda function isn't connected to VPCs in your account. When you connect a function to a VPC in your account (VPC Linked Lambda function), the function can't access the internet unless your VPC provides access.

In the default external Lambda function configuration, the Lambda function can reach public AWS endpoints and anything else public (internet), including DynamoDB, because the AWS Lambda Service VPC has an Internet Gateway (IGW) and the Lambda functions have a route to the internet.

By attaching a Lambda function to your VPC, the AWS Lambda function is limited by the networking configuration of the VPC. I.e. you need to configure a route to the internet via an IGW, or, if you want to access Amazon DynamoDB, you need a route to the DynamoDB service (which is public, i.e. internet facing) either via the IGW or a PrivateLink endpoint. All of this assumes your Lambda function has permission to access DynamoDB, either via the Lambda execution role or the DynamoDB resource policy.

The elastic network interface (ENI) is a logical networking construct that lives within the VPC. The default AWS Lambda function ENI is managed by the Lambda Service and you will not have access to this ENI. If the Lambda function is attached to your VPC, an ENI within your VPC is associated with the Lambda and you will have access to this ENI.

Above I mentioned accessing DynamoDB via IGW or PrivateLink. If the Lambda function is running within your VPC, then there are two mechanisms you can use to access DynamoDB.

  1. IGW - Here the Lambda function needs a route from the ENI to the IGW, the network controls like Network Access Lists and Security Groups must be configured correctly, and if IPv4 is used a NAT Gateway is required, as best practice is running the Lambda in a private subnet of the VPC.

  2. AWS PrivateLink, also known as VPC Endpoints. A VPC endpoint for DynamoDB enables Amazon EC2 instances or Lambda functions in your VPC to use their private IP addresses to access DynamoDB with no exposure to the public internet. Similarly to the IGW, your Lambda functions would need a route to the VPC endpoint, and all the NACLs and SGs should be configured correctly. Here you would not need NAT or an IGW.
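The two paths in the answer can be checked statically before running Reachability Analyzer. The script below is an added example and is not part of the answer or of any AWS tooling: it walks the route table of the subnet a VPC-linked Lambda ENI would be placed in, and the egress rules of its security groups, and reports which path (gateway VPC endpoint or NAT gateway) is actually usable. The input shapes follow the JSON that `aws ec2 describe-route-tables` and `aws ec2 describe-security-groups` return, but every id, prefix list and CIDR here is constructed sample data. It deliberately ignores a direct `0.0.0.0/0 -> igw-*` route, because a Lambda ENI has no public IPv4 address and the IGW cannot forward its traffic (that is why path 1 needs NAT). NACLs and the IAM side (execution role, resource policy) are not modelled.

```python
"""Static check of the two DynamoDB access paths for a VPC-linked Lambda:
path 1 = 0.0.0.0/0 route to a NAT gateway, path 2 = gateway VPC endpoint.
Example code, not part of the original answer; all ids are constructed."""
from dataclasses import dataclass

# Constructed placeholder for the managed prefix list of the DynamoDB gateway
# endpoint (a real account has its own pl-* id per region).
DDB_PREFIX_LIST = "pl-0000dynamodb0example"


@dataclass
class VpcConfig:
    subnet_routes: dict          # subnet id -> list of routes (describe-route-tables shape)
    security_groups: dict        # sg id -> list of egress rules (describe-security-groups shape)


def _egress_allows_443(rules, dest_cidr=None, prefix_list_id=None):
    """True if any egress rule permits TCP/443 to the given CIDR or prefix list."""
    for r in rules:
        proto = r.get("IpProtocol")
        if proto not in ("-1", "tcp"):
            continue
        if proto == "tcp" and not (r.get("FromPort", 0) <= 443 <= r.get("ToPort", 65535)):
            continue
        if dest_cidr and any(ip.get("CidrIp") == dest_cidr for ip in r.get("IpRanges", [])):
            return True
        if prefix_list_id and any(pl.get("PrefixListId") == prefix_list_id
                                  for pl in r.get("PrefixListIds", [])):
            return True
    return False


def dynamodb_paths(cfg, subnet_id, sg_ids, prefix_list_id=DDB_PREFIX_LIST):
    """Return the usable paths ('vpc-endpoint', 'nat-gateway') for a Lambda ENI
    placed in subnet_id with the given security groups; [] means unreachable."""
    sg_rules = [rule for sg in sg_ids for rule in cfg.security_groups.get(sg, [])]
    # NAT path needs HTTPS to the public DynamoDB endpoint; the endpoint path is
    # also satisfied by a rule scoped to the DynamoDB prefix list only.
    open_https = _egress_allows_443(sg_rules, dest_cidr="0.0.0.0/0")
    ddb_https = open_https or _egress_allows_443(sg_rules, prefix_list_id=prefix_list_id)

    paths = []
    for r in cfg.subnet_routes.get(subnet_id, []):
        if r.get("State", "active") != "active":
            continue
        if (r.get("DestinationPrefixListId") == prefix_list_id
                and r.get("GatewayId", "").startswith("vpce-") and ddb_https):
            paths.append("vpc-endpoint")
        elif (r.get("DestinationCidrBlock") == "0.0.0.0/0"
              and r.get("NatGatewayId", "").startswith("nat-") and open_https):
            paths.append("nat-gateway")
        # A 0.0.0.0/0 -> igw-* route is intentionally not counted: Lambda ENIs
        # have no public IPv4 address, so an IGW alone gives them no internet path.
    return paths


LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}

# Constructed sample VPC: four subnets and three security groups.
SAMPLE_VPC = VpcConfig(
    subnet_routes={
        "subnet-endpoint": [LOCAL, {"DestinationPrefixListId": DDB_PREFIX_LIST,
                                    "GatewayId": "vpce-0example0endpoint"}],
        "subnet-nat":      [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                                    "NatGatewayId": "nat-0example0natgw"}],
        "subnet-igw-only": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                                    "GatewayId": "igw-0example0igw"}],
        "subnet-isolated": [LOCAL],
    },
    security_groups={
        "sg-allow-all": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
        "sg-ddb-only":  [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                          "PrefixListIds": [{"PrefixListId": DDB_PREFIX_LIST}]}],
        "sg-no-egress": [],
    },
)

if __name__ == "__main__":
    for subnet in SAMPLE_VPC.subnet_routes:
        for sg in SAMPLE_VPC.security_groups:
            print(f"{subnet:16} {sg:13} -> {dynamodb_paths(SAMPLE_VPC, subnet, [sg]) or 'UNREACHABLE'}")
```

Reading the report for the constructed VPC: the endpoint subnet reaches DynamoDB with either the permissive group or the prefix-list-only group, the NAT subnet only with the permissive group (a prefix-list rule does not cover traffic leaving via NAT), and the IGW-only and isolated subnets never do. That matches the two mechanisms in the answer, and the least-privilege combination is the endpoint subnet with the prefix-list-scoped group.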