mafrosis

Reputation: 2770

Lambda cannot connect to RDS in VPC

I have a VPC with RDS available in a private subnet. I can connect to this from an EC2 box from within the subnet. However, my Lambdas cannot connect!

Please could you look at the following configuration and spot my mistake?

Lambda config:

$ aws lambda get-function-configuration --function-name test
{
    "FunctionName": "test",
    "Role": "arn:aws:iam::xxxx:role/lambda_role",
    ...
    "VpcConfig": {
        "SubnetIds": [
            "subnet-00f3f0cb6957dbefa",
            "subnet-0d3d2cf4df53a862f"
        ],
        "SecurityGroupIds": [
            "sg-018da51b77f57eabf"
        ],
        "VpcId": "vpc-0704ca4d3f652fe9e"
    },
    ...
    "RevisionId": "e55b6fa2-998a-4b18-a620-69a218882b4e"
}

Execution role:

$ aws iam list-attached-role-policies --role-name lambda_role
{
    "AttachedPolicies": [
        {
            "PolicyName": "AWSLambdaVPCAccessExecutionRole",
            "PolicyArn": "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
        }
    ]
}

VPC:

$ aws ec2 describe-vpcs --vpc-ids vpc-0704ca4d3f652fe9e
{
    "Vpcs": [
        {
            "CidrBlock": "10.1.0.0/16",
            "DhcpOptionsId": "dopt-7764271f",
            "State": "available",
            "VpcId": "vpc-0704ca4d3f652fe9e",
            "InstanceTenancy": "default",
            "CidrBlockAssociationSet": [
                {
                    "AssociationId": "vpc-cidr-assoc-0c110a5fa85eb8883",
                    "CidrBlock": "10.1.0.0/16",
                    "CidrBlockState": {
                        "State": "associated"
                    }
                }
            ],
            "IsDefault": false,
            "Tags": []
        }
    ]
}

Security Group:

$ aws ec2 describe-security-groups --group-ids sg-018da51b77f57eabf
{
    "SecurityGroups": [
        {
            "Description": "Security group for Lambdas",
            "GroupName": "lambda-sg",
            "IpPermissions": [],
            "OwnerId": "xxxxx",
            "GroupId": "sg-018da51b77f57eabf",
            "IpPermissionsEgress": [
                {
                    "FromPort": 0,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 65535,
                    "UserIdGroupPairs": []
                }
            ],
            "VpcId": "vpc-0704ca4d3f652fe9e"
        }
    ]
}

RDS security group (specifies both public and private subnets):

$ aws ec2 describe-security-groups --group-ids sg-0fbf7205b5d5fa98c
{
    "SecurityGroups": [
        {
            "Description": "Security group for RDS instance",
            "GroupName": "rds-sg",
            "IpPermissions": [
                {
                    "FromPort": 3306,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.1.2.0/24"
                        },
                        {
                            "CidrIp": "10.1.1.0/24"
                        },
                        {
                            "CidrIp": "10.1.4.0/24"
                        },
                        {
                            "CidrIp": "10.1.3.0/24"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 3306,
                    "UserIdGroupPairs": []
                }
            ],
            "OwnerId": "xxxxxx",
            "GroupId": "sg-0fbf7205b5d5fa98c",
            "IpPermissionsEgress": [],
            "VpcId": "vpc-0704ca4d3f652fe9e"
        }
    ]
}


Upvotes: 1

Views: 561
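As an added example (not from the question or the answer), the following Python evaluates the two security groups posted above for a given Lambda ENI address: the Lambda group's egress rule and the RDS group's ingress rule both have to permit TCP 3306 before a connection is possible. The Lambda and RDS addresses used in the check are constructed, since the post does not give the subnet CIDRs or the RDS endpoint address; route tables and network ACLs are not modelled.

```python
import ipaddress

# Security-group rules copied from the question, trimmed to the fields the check uses.
LAMBDA_SG = {
    "GroupId": "sg-018da51b77f57eabf",
    "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
}
RDS_SG = {
    "GroupId": "sg-0fbf7205b5d5fa98c",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": c} for c in
                      ("10.1.2.0/24", "10.1.1.0/24", "10.1.4.0/24", "10.1.3.0/24")],
         "UserIdGroupPairs": []},
    ],
}


def rule_matches(rule, proto, port, peer_ip, peer_sg):
    """True if one SG rule permits proto/port to or from the given peer.

    The protocol and port range must fit ("-1" means all protocols, no ports),
    and the peer must sit inside one of the rule's CIDRs or belong to an SG
    the rule references via UserIdGroupPairs.
    """
    if rule["IpProtocol"] not in ("-1", proto):
        return False
    if rule["IpProtocol"] != "-1" and not (rule["FromPort"] <= port <= rule["ToPort"]):
        return False
    addr = ipaddress.ip_address(peer_ip)
    in_cidr = any(addr in ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", []))
    in_group = any(p["GroupId"] == peer_sg for p in rule.get("UserIdGroupPairs", []))
    return in_cidr or in_group


def can_reach(src_sg, src_ip, dst_sg, dst_ip, port, proto="tcp"):
    """Check both halves of an SG path and return (egress_ok, ingress_ok)."""
    egress_ok = any(rule_matches(r, proto, port, dst_ip, dst_sg["GroupId"])
                    for r in src_sg["IpPermissionsEgress"])
    ingress_ok = any(rule_matches(r, proto, port, src_ip, src_sg["GroupId"])
                     for r in dst_sg["IpPermissions"])
    return egress_ok, ingress_ok


if __name__ == "__main__":
    # Constructed addresses: one inside an allowed /24, one outside all of them.
    for lambda_ip in ("10.1.2.57", "10.1.9.12"):
        print(lambda_ip, "->", can_reach(LAMBDA_SG, lambda_ip, RDS_SG, "10.1.3.20", 3306))
```

The same functions can be fed live `describe-security-groups` output and the private IP of the Lambda's ENI; a `(True, False)` result means the RDS group's allow-list, not the Lambda group, is what drops the connection.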

Answers (1)

Eric des Courtis

Reputation: 5445

Try to enable ICMP on any security group and any network ACL. It could simply be a PMTUD blackhole situation.

Upvotes: 0
