vidyarani-dg

Reputation: 13

AWS lambda function ConnectionError when configured with VPC

I have an AWS Lambda function to trigger daily importer jobs.

I am using "A starter AWS Lambda function." for this, and the lambda_handler is quite simple. This is pseudocode of what I am doing:

import traceback

try:
    cron_job = CloudCron()
    status = redis_get_importer_status(db_key, key)
    # Only start a new importer if one is not already running
    if status != 'running':
        cron_job.login()
        redis_set_importer_status(db_key, key, 'running')
        cron_job.start_importer()
except Exception:
    # print_exc() writes the traceback itself and returns None
    traceback.print_exc()

This function is triggered by a CloudWatch Event every 15 minutes.

The Lambda function failed to run the lambda_handler and complained about not having an execution policy for the VPC. To resolve this issue, I attached the AWSLambdaVPCAccessExecutionRole policy to this role. While this ran my lambda_handler, there were other issues. The Python requests module threw a ConnectionError when trying to log in to the site. I increased the timeout to 5 minutes and memory to 1GB and am still seeing this issue.

ConnectionError: HTTPSConnectionPool(host='test.site.com.au', port=443): Max retries exceeded with url: /auth/login (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 110] Connection timed out',))

I ran the same lambda_handler within my VPC and it seems to be working seamlessly.

I finally removed the redis set status and get status in my Lambda function and the VPC configuration in the Lambda and ran the lambda_handler again, and this seems to work without any issues.

I need the VPC configuration to set and get keys from the redis server.

Any help is appreciated!

Cheers!

Upvotes: 1

Views: 5286

Answers (1)

Mark B

Reputation: 200998

Once you place the Lambda function inside your VPC it can only access resources inside the VPC. It can't connect to test.site.com.au because that resolves to a public IP address outside your VPC. You have a few options to get around this issue:

  • Add a NAT Gateway to your VPC. This will provide Internet access to your Lambda function.
  • If the site you are trying to access is running on a server inside your VPC, then use the private IP address instead of the DNS name. Alternatively, set up a Route53 private hosted zone in your VPC that resolves that DNS name to the private IP address.

Upvotes: 3
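
A check for the NAT Gateway option in the answer above, as an added example that is not part of the original question or answer: it classifies each subnet a Lambda function is attached to by where its default route points. The function names, subnet IDs and route tables are constructed for illustration; the input is assumed to have the shape of the "RouteTables" list in the EC2 DescribeRouteTables response.

```python
# Constructed sample, shaped like "RouteTables" from EC2 DescribeRouteTables.
SAMPLE_TABLES = [
    {"RouteTableId": "rtb-main",  # main table: local route only
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]


def default_route_target(table):
    """Return 'nat', 'igw', 'other' or None for the table's active 0.0.0.0/0 route."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue  # blackhole route (e.g. deleted NAT gateway) carries no traffic
        if route.get("NatGatewayId"):
            return "nat"
        if (route.get("GatewayId") or "").startswith("igw-"):
            return "igw"
        return "other"  # NAT instance, transit gateway, etc.: review by hand
    return None


def lambda_egress(subnet_ids, route_tables):
    """Map each Lambda subnet to 'nat', 'igw-only', 'other' or 'none'."""
    explicit, main = {}, None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = table
            elif assoc.get("Main"):
                main = table  # applies to subnets with no explicit association
    result = {}
    for subnet in subnet_ids:
        table = explicit.get(subnet, main)
        target = default_route_target(table) if table else None
        # Lambda network interfaces in a VPC have no public IP, so a default
        # route to an internet gateway alone still leaves the function offline.
        result[subnet] = {"nat": "nat", "igw": "igw-only",
                          "other": "other"}.get(target, "none")
    return result
```

Only subnets reported as `nat` give the function a working path to a public host such as the one in the question; `igw-only` and `none` both produce the connection timeout shown there.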
