AWS Lambda Powered HTTP/SOCKS Web Proxy

October 20, 2016
proxy privacy golang aws lambda

I recently released a project called awslambdaproxy, an AWS Lambda powered HTTP/SOCKS web proxy. It provides a constantly rotating IP address for your network traffic from all regions where AWS Lambda is available.


This is a project I wanted to build for a long time, and I finally got some time to create a prototype. The goal of awslambdaproxy is to obfuscate your traffic and make it harder to track you as a user on the internet. To do this, it takes advantage of one of the unique properties of AWS Lambda: it has a massive pool of available IP addresses.

How does it work

At a high level, it proxies TCP/UDP traffic through AWS Lambda regional endpoints. To do this, awslambdaproxy is set up on a publicly accessible host (e.g. an EC2 instance), where it handles creating Lambda functions that run a proxy server. Since Lambda does not allow you to connect to bound ports in executing functions, a reverse SSH tunnel is established from the executing Lambda function to the host running awslambdaproxy. Once a tunnel connection is established, all user traffic is forwarded from a port on the awslambdaproxy host, through this reverse tunnel, to the proxy server running in the executing Lambda function.

Lambda functions have a max execution time of 5 minutes, so there is a goroutine that continuously executes Lambda functions to ensure there is always a live tunnel in place. If multiple regions are specified, user traffic will be routed in a round robin fashion across these regions.

Remaining problem to solve

There is still a fundamental problem that I’m not sure can be solved, which is that long-running connections will be dropped every 5 minutes when a new function is executed. In order to prevent this, there would need to be some way to migrate TCP state from one function to another.
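
The rotation and the resulting connection drops can be modelled in a few lines of Go. This is an added example, not code from awslambdaproxy: it assumes exactly one live tunnel at a time, a replacement function every 5 minutes with no overlap, and sample region names and traffic constructed for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Assumed model (not awslambdaproxy's code): one tunnel is live at a time and
// a replacement function takes over every `lifetime`, regions in round robin.
const lifetime = 5 * time.Minute // max Lambda execution time stated in the post

// Conn is a constructed sample connection: when it opens and how long it needs.
type Conn struct {
	Name            string
	Start, Duration time.Duration
}

// regionAt returns the region whose function carries traffic at offset t.
func regionAt(regions []string, t time.Duration) string {
	return regions[int(t/lifetime)%len(regions)]
}

// cutAt returns the offset at which the function serving c is replaced.
func cutAt(c Conn) time.Duration {
	return (c.Start/lifetime + 1) * lifetime
}

// survives reports whether c finishes before its tunnel is torn down.
func survives(c Conn) bool {
	return c.Start+c.Duration <= cutAt(c)
}

func main() {
	regions := []string{"us-west-2", "us-east-1", "eu-west-1"} // sample values
	conns := []Conn{ // constructed sample traffic
		{"page load", 1 * time.Minute, 20 * time.Second},
		{"large download", 3 * time.Minute, 4 * time.Minute},
		{"ssh session", 6 * time.Minute, 30 * time.Minute},
	}
	for _, c := range conns {
		status := "completes"
		if !survives(c) {
			status = fmt.Sprintf("dropped at %v", cutAt(c))
		}
		fmt.Printf("%-15s via %-10s %s\n", c.Name, regionAt(regions, c.Start), status)
	}
}
```

Short requests almost always finish inside one function's lifetime, while anything that spans a 5 minute boundary is cut regardless of how short it is.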


If any of this sounds interesting, go grab the latest release of dosxvpn and try it out.

