Overview of the Feature / Motivation for or Use Case

When GitHub Enterprise Server is deployed on-premise on an intranet network with security network constraints (like DMZ from internet access ~ingress, http proxy for internet access ~egress), the VPC where deploying Lambda should have direct access to this on-premise GitHub.

This VPC should be routed with intranet network and lambda_subnet_ids & lambda_security_group_ids parameters should be used.

But in this case, the VPC has same network constraints than intranet network, so AWS API cannot be accessed directly (not know in DNS) and http proxy should be used ; because AWS API is an internet access.

=> Supporting http proxy for Lambda interactions with AWS API (SSM & EC2) could be useful.

Reproduce the Error

Detailled scale-up Lambda (for ssm access):

ERROR	Error: getaddrinfo ENOTFOUND ssm.eu-west-3.amazonaws.com
    at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:66:26) {
  errno: 'ENOTFOUND',
  code: 'ENOTFOUND',
  syscall: 'getaddrinfo',
  hostname: 'ssm.eu-west-3.amazonaws.com',
  '$metadata': { attempts: 1, totalRetryDelay: 0 }
}

Suggest a Fix

Implementing a proxy support for aws-sdk v3 (ssm.ts) & aws-sdk v2 (mainly runners.ts), when "classic" https_proxy environment variable is filled (on Lambda), from lambda_https_proxy Terraform parameter (sample value: http://foo:[email protected]:8080).

Pull-Request will be proposed with this suggestion.