当 AWS Lambda 运行在 VPC 中，访问其他 AWS 服务时，必须使用私有网络访问点 (VPC 终端点) 或 NAT 网关。但是，某些服务没有对应的 VPC 终端点类型。这个问题可以通过使用代理（例如跨区域 VPC 启用）或配置 NAT 网关来解决。

以下是使用 NAT 网关的 Python 代码示例：

import json
import urllib.parse
import boto3

print('Loading function')

s3 = boto3.client('s3')
ec2 = boto3.client('ec2')

def lambda_handler(event, context):

    # Get instance ID from EC2 metadata
    instance_id = urllib.request.urlopen('http://169.254.169.254/latest/meta-data/instance-id').read().decode()

    # Get VPC ID and subnet ID for instance
    response = ec2.describe_instances(InstanceIds=[instance_id])
    vpc_id = response['Reservations'][0]['Instances'][0]['VpcId']
    subnet_id = response['Reservations'][0]['Instances'][0]['SubnetId']

    # Create NAT Gateway
    response = ec2.create_nat_gateway(
        AllocationId='ALLOC_ID',
        SubnetId=subnet_id
    )

    # Wait for NAT Gateway to be available
    nat_id = response['NatGateway']['NatGatewayId']
    ec2.get_waiter('nat_gateway_available').wait(NatGatewayIds=[nat_id])

    # Update route table for private subnet(s) to use NAT Gateway
    response = ec2.describe_route_tables(Filters=[{'Name': 'vpc-id', 'Values': [vpc_id]}])
    for table in response['RouteTables']:
        for route in table['Routes']:
            if 'GatewayId' in route and route['GatewayId'] == 'local':
                association_id = route['RouteTableAssociationId']
                ec2.replace_route(RouteTableId=table['RouteTableId'], DestinationCidrBlock=route['DestinationCidrBlock'], NatGatewayId=nat_id)
                print('Updated route