Kseniia Pelykh

Reputation: 425

AWS: connect to Neptune from lambda

I'm trying to connect to Neptune from my Lambda. The Lambda configuration contains the same VPC, subnets and security groups as my Neptune instance.

Also, the execution role of the Lambda has these policies: AmazonRDSFullAccess, AmazonRDSDirectoryServiceAccess, NeptuneFullAccess and AWSLambdaENIManagementAccess.

Anyway I have this error: Unable to connect to the remote server ---> System.Net.Http.HttpRequestException: No such device or address --->

Did I miss something?

Thanks

Upvotes: 1

Views: 1503

Answers (1)

The-Big-K

Reputation: 2820

This definitely looks like a connectivity issue. The recommended way to manage such connections is to have 2 security groups:

  1. client - A security group that you attach to all clients, like Lambdas, EC2 instances etc. The default outbound rule gives you outbound access to every resource in the VPC. You can tighten that if you'd like.
  2. db - A security group that you should attach to your Neptune cluster. In this security group, edit the inbound rules, and explicitly add a TCP rule that allows inbound connections to your database port (8182 is the default port).

You can attach the db security group to your cluster either during creation or by modifying existing clusters.

P.S. As a side note, your Lambda doesn't really need AmazonRDSFullAccess or NeptuneFullAccess roles unless you plan on making management API calls from the lambda, like issuing a CreateDBCluster request for example. Those IAM roles don't really have anything to do with a client being able to talk to a running DB cluster/instance.

Hope this helps.

Upvotes: 2
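An added example, not part of the answer above: a small offline check that a db security group actually admits the client group on the Neptune port. It assumes the rule data has the shape of the `IpPermissions` field in EC2 `DescribeSecurityGroups` output and that the db group's inbound rule names the client group as its source; the group IDs and the IP address are constructed.

```python
import ipaddress

NEPTUNE_PORT = 8182  # default port named in the answer


def rule_covers_port(perm, port):
    """True if one IpPermissions entry covers TCP `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def db_admits_client(db_sg, client_sg_id, client_ip, port=NEPTUNE_PORT):
    """Return the rules that admit the client; an empty list means blocked."""
    reasons = []
    addr = ipaddress.ip_address(client_ip)
    for perm in db_sg.get("IpPermissions", []):
        if not rule_covers_port(perm, port):
            continue
        # Source given as a security-group reference (the client/db pattern).
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == client_sg_id:
                reasons.append(f"sg-reference:{client_sg_id}")
        # Source given as a CIDR block that contains the client's private IP.
        for rng in perm.get("IpRanges", []):
            if addr in ipaddress.ip_network(rng["CidrIp"]):
                reasons.append(f"cidr:{rng['CidrIp']}")
    return reasons


# Constructed sample data: IDs and addresses are made up for this example.
CLIENT_SG = "sg-0client000000000"
DB_SG_BEFORE = {"GroupId": "sg-0db00000000000", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "UserIdGroupPairs": [{"GroupId": CLIENT_SG}], "IpRanges": []}]}
DB_SG_AFTER = {"GroupId": "sg-0db00000000000", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8182, "ToPort": 8182,
     "UserIdGroupPairs": [{"GroupId": CLIENT_SG}], "IpRanges": []}]}

if __name__ == "__main__":
    for name, sg in (("before", DB_SG_BEFORE), ("after", DB_SG_AFTER)):
        hits = db_admits_client(sg, CLIENT_SG, "10.0.1.25")
        print(name, "->", hits or "blocked on 8182")
```

A match reported as `cidr:` rather than `sg-reference:` shows the port is open to an address range instead of only to the client group, which is worth reviewing when tightening the rules.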
