it turns out, after much cursing and pulling hair, that Lambda functions only work well (can connect out to the Internet) on the private subnet of a public/private VPC pair, and EC2 instances can only be reached if placed on the public subnet. although, both the console and API happily accept the wrong setting, and in fact for the instances, the console always defaults to the private, i.e. nonfunctional, subnet setting.
last updated 2016-12-13 14:45:54. served from tektonic.jcomeau.com