Accessing DynamoDB within VPC-enabled Lambda functions

DynamoDB, by default, is accessed via HTTP/HTTPS endpoints and cannot be accessed from within a VPC.

You must add a VPC endpoint for DynamoDB to your VPC in the VPC console, instructions are in this article: https://aws.amazon.com/blogs/aws/new-vpc-endpoints-for-dynamodb/

The same applies to SQS - a VPC endpoint for SQS must be created to access it from within a VPC-enabled Lambda function.

WARNING: VPC endpoints are charged (around $8 per month per endpoint!).