Reputation: 2378
Connect Lambda to Elasticache using Serverless framework
I'm trying to access AWS Elasticache cluster from a Lambda function using Serverless framework (v 0.5.6) without loosing access to Dynamodb. I have tried using this Gist with no luck. Inside the Lambda function, first thing I do is to connect to the Redis instance but I keep getting timeouts, I have double checked CloudFormation outputs variables and its visibility inside the function and Lambda Roles/Policies for VPC but still nothing... I haven't found either any guide on how to create VPCs and Security Groups with CloudFormation and Serverless in order to create Public and Private subnets, NATs and Internet gateways as suggested here. Can anyone help?
Upvotes: 6
Views: 8266
Answers (3)
Reputation: 844
Adding summary of how I setuped this:
create a new VPC
create 3 private subnets and 2 public subnet
- multiple subnets are created for redundancy
create a security group
- with inbound traffic to
- elastic cache port
- with outbound traffic to
- all ports for internet access
- with inbound traffic to
create a new IGW
- attach this IGW with VPC
create a new NAT
- select a public lambda
- public connectivity type
we need 2 route tables
- 1 for private subnets
- this will have NAT and private subnets
- another for public subnet with internet access
- this will have IGW and public subnets
- 1 for private subnets
lambda configuration
- attach IAM policies to lambda functions : AWSLambdaVPCAccessExecutionRole
- attach private subnets to lambda
- select security group for lambda
references:
https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/
https://docs.aws.amazon.com/lambda/latest/dg/services-elasticache-tutorial.html
Upvotes: 0
Reputation: 476
While it's not properly documented, you can actually configure VPC directly in the serverless config file (see link)
Version 0.5
# s-function.json
{
"name": "hello",
"runtime": "nodejs4.3",
"handler": "handler.hello”,
"endpoints": [],
"events": [],
"vpc": {
"securityGroupIds": ["sg-123456"],
"subnetIds": [
"subnet-abc1",
"subnet-abc2",
"subnet-abc3",
]
}
}
Version 1.0
# serverless.yaml
service: aws-hello
provider: aws
runtime: nodejs4.3
vpc:
securityGroupIds:
— "sg-123456"
subnetIds:
— "subnet-abc1"
— "subnet-abc1"
— "subnet-abc1"
functions:
foo: # inherits the VPC config
handler: src/handler.foo
bar: # overwrites the VPC config
handler: src/handler.bar
vpc:
securityGroupIds:
— "sg-999999"
subnetIds:
— "subnet-zzz9"
Upvotes: 2
Reputation: 201058
You will have to place the Lambda function inside the VPC that the ElastiCache cluster resides in. Of course once you do that the Lambda function only has access to resources that exist inside the VPC, so it will no longer have access to DynamoDB. The solution to that is to add a NAT gateway to the VPC, which will allow the Lambda function to access resources outside the VPC.
I would think that setting up the VPC and NAT gateway would fall outside the Serverless framework, but I'm not an expert in that framework. I would suggest looking into configuring that manually via the AWS console or doing it through something like CloudFormation, and then simply specifying in your Serverless framework configuration the VPC that it needs to use.
Upvotes: 5
Related Questions
- Testing Elasticache and Serverless AWS Lambda locally
- AWS Lambda connection timeout to Elasticache
- Read elasticache from lambda - Cant connect
- Deploying lambda function using serverless framework
- elasticache read and write data from lambda using AWS-SDK
- AWS Lambda and Redis
- How to apply Serverless to an existing Lambda
- Serverless Framework, setting up rest api lambda
- Connect to ElastiCache cluster from AWS Lambda function
- Why is my lambda not able to talk to elasticache?