If your VPC Lambda can't reach the internet, this walks you through the NAT Gateway setup you need. It covers creating the NAT infrastructure, splitting public and private subnets, configuring route tables with the 0.0.0.0/0 routes, and fixing security groups. The troubleshooting section is helpful for the usual gotchas like route table associations and the 1-2 minute propagation delay that catches everyone. This is pretty focused on one specific problem, which is good because VPC networking has enough moving parts that having the exact procedure referenced beats trying to remember whether the route goes in the public or private subnet route table.
npx skills add https://github.com/aws/agent-toolkit-for-aws --skill enabling-lambda-vpc-internet-access