Hi there!

Today I want to tell you how with go you can get a list of all AWS Lambda that are in the VPC. First you need to install golang. The latest version can be downloaded from the official website.

Once golang is installed, create a folder for the scripts mkdir awsscripts

Next you need to initialize the go.mod file. This file stores all the dependencies on external packages, and at the same time will make the go code module. And in the future it can be installed with go get. To create a module you need to call the command go mod init github.com/mpostument/awsscripts. Where github… is the name of the module. If you use another version control system, it could be it, then the user name and module name.

Once the module is created we will need aws-sdk to work with aws. You can install it with the command go get github.com/aws/aws-sdk-go@latest. Run it in the directory with go.mod. After that in go mod the version aws-sdk will be added require github.com/aws/aws-sdk-go v1.34.14. In the future, to update the version of aws-sdk. Manually change the version in this file and run go mod tidy.

The setting is complete and you can go to the code. Create a lambdaInVpc.go file in the root of the awsscripts folder or in any other folder inside of the awsscripts and open it.

Each go file starts with package. Since we need to run the go file directly instead of importing package should be main.

You also need to add a list of third-party modules that we will use

import (


The list of imports is followed by the main method, which is the entry point into the code. In main we will create an aws client.

func main() {
    mySession := session.Must(session.NewSession())
    client := lambda.New(mySession)
    lambdas := getLambdaFunctions(client)

This creates an aws session and a lambda client, and method getLambdaFunctions executed. As parameter it take newly created client. Now let’s start writing getLambdaFunctions.

func getLambdaFunctions(client *lambda.Lambda) []*lambda.FunctionConfiguration {
	input := &lambda.ListFunctionsInput{}

	var result []*lambda.FunctionConfiguration

	err := client.ListFunctionsPages(input,
		func(page *lambda.ListFunctionsOutput, lastPage bool) bool {
			result = append(result, page.Functions...)
			return !lastPage
	if err != nil {
		log.Fatal("Not able to get lambdas", err)
		return nil
	return result

Now let’s look at what’s going on here. To get the list of lambdas it is necessary to call method ListFunctions. But since this method returns only the first 50 lambdas, it does not suit us. Because if there are 51 or more lambdas on aws, the account will still return only the first 50. But aws has a method with pagination ListFunctionsPages, and it can be used here. The method takes two parameters, the first search parameter ListFunctionsInput in which you can specify the region, version and several other parameters. And the second is the method of pagination.

In the beginning we create two variables input of type ListFunctionsInput and result of type[]*lambda.FunctionConfiguration. Input will be passed to the ListFunctionsPages function and result will be used to store the execution result.

Then comes the call of ListFunctionsPages. This method returns only an error, the result of this method is assigned to the variable err and then there is a check whether this varialbe is not equal to nil. If the method returned nil then the program is terminated and the error is displayed.

In the function ListFunctionsPages there is a call of one more function which adds result of execution in a slice result. The internal function is called several times until we reach the last page. And in the end we return result.

Now that you have received a list of all lambdas, you need to filter out those in the VPC. For this purpose we will return again to the main method and to add there iterations on all lambdas with a condition.

	for _, l := range lambdas {
		if l.VpcConfig != nil && len(l.VpcConfig.SubnetIds) > 0 {

Here we iterate on result of execution of getLambdaFunctions and we will check up whether VpcConfig of function is not equal nil and whether the list of subnet is more than zero. Two checks are necessary because for some lambdas VpcConfig will be nil, and for others there will be a map in which there will be empty lists. Example

  SecurityGroupIds: [],
  SubnetIds: [],
  VpcId: ""

Now you can run the code and get the result. go run lambdaInVpc.go