Show HN: lambda-nat-proxy – Serverless proxy using Lambda and UDP NAT punching

Summary

Lambda NAT Proxy A serverless proxy implementation that uses NAT hole punching to establish QUIC tunnels through AWS Lambda functions. By coordinating through S3 and using UDP traversal techniques, it creates encrypted proxy connections without requiring any dedicated servers - just Lambda functions that spin up on demand. About This project evolved from exploring an unconventional idea: can AWS Lambda functions work as network proxies? Building on my earlier awslambdaproxy experiment, this implementation solves the performance and infrastructure challenges using NAT hole punching and QUIC protocol. The result is a serverless proxy that needs no EC2 instances, no SSH tunnels - just Lambda functions and clever networking. How It Works The system uses a three-phase approach to establish NAT traversal: 1. Coordination Phase Client discovers public IP via STUN protocol Writes session info (IP:port, session ID) to S3 bucket S3 event notification triggers Lambda function 2. NAT Hole Punching Both client and Lambda send UDP packets to each other's public endpoints Creates bidirectional NAT holes for subsequent traffic Uses session ID for packet correlation 3. QUIC Tunnel Establishment Client starts QUIC server on punched port Lambda connects as QUIC client through established hole Encrypted, multiplexed tunnel ready for traffic forwarding Traffic Flow: Browser → SOCKS5 → QUIC Tunnel → Lambda → Internet The Lambda function acts as an exit node, forwarding tunneled traffic to destination servers and relaying responses back through the QUIC connection. Architecture ┌─────────┐ SOCKS5 ┌──────────────┐ QUIC/UDP ┌─────────┐ HTTP/S ┌───────────┐ │ Browser │ ────────── │ lambda-nat- │ ──────────── │ Lambda │ ────────── │ Internet │ │ │ :1080 │ proxy │ │ Function│ │ Servers │ └─────────┘ └──────────────┘ └─────────┘ └───────────┘ │ ▲ │ session data │ S3 event ▼ │ ┌─────────────┐ │ │ S3 Bucket │ ────────────────────┘ │ (coord) │ └─────────────┘ Setup Prerequisites: AWS CLI configure...