Reputation: 159
I am a beginner in AWS development and I had a question regarding accessing Amazon Aurora from Lambda.
I have read that all instances of Amazon Aurora need to be created inside a VPC. However, it seems that Lambda will incur massive latency for setting up an elastic network interface (ENI) every time it tries to access resources which are inside a VPC:
https://medium.freecodecamp.org/lambda-vpc-cold-starts-a-latency-killer-5408323278dd
Since this could increase the cold start time by around 10s, is there a way to avoid this ENI setup latency while using Lambda to access Amazon RDS?
Upvotes: 3
Views: 1228
Reputation: 2171
No. There is currently no "good" way to reliably prevent the cold start.
(1) Yes, keeping the Lambda function warm can help reduce the problem, but it will still be present.
(2) The only way would be if you run your RDS "outside" a VPC (i.e. make it publicly available) and secure it using security groups. But this is a really bad idea for a lot of reasons (Lambda IP addresses change so you need to leave the RDS instance wide open for any attacker, violates AWS best practices, etc.).
AWS Lambda + RDS is currently not suitable if you need responsiveness. That's why Amazon is pushing the use of DynamoDB with Lambda so much (since that uses HTTPS).
TL;DR: if you need responsiveness + security, stay away from Lambda + RDS.
Upvotes: 2
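The exposure described in (2) above, a database security group left open to every address because Lambda's source IPs change, can be checked for mechanically. The following is an added example, not code from any poster in this thread: it scans security-group data in the shape returned by EC2 DescribeSecurityGroups. The group IDs and rules are constructed, and the port set assumes the default MySQL (3306) and PostgreSQL (5432) ports.

```python
import ipaddress

# Assumed default ports for MySQL- and PostgreSQL-compatible Aurora/RDS.
DB_PORTS = {3306, 5432}

def covers_db_port(perm):
    """True if an ingress permission includes one of DB_PORTS."""
    if perm.get("IpProtocol") == "-1":          # "-1" = all protocols, all ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return any(lo <= p <= hi for p in DB_PORTS)

def is_world_open(cidr):
    """True for 0.0.0.0/0 or ::/0 (any network with prefix length 0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def find_open_db_ingress(security_groups):
    """Return (group_id, cidr) pairs exposing a DB port to every address."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if not covers_db_port(perm):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            findings += [(sg["GroupId"], c) for c in cidrs if is_world_open(c)]
    return findings

# Constructed sample data; real group IDs look like sg-0123456789abcdef0.
SAMPLE_GROUPS = [
    {"GroupId": "sg-public-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-vpc-db", "IpPermissions": [      # VPC-only: not flagged
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
         "UserIdGroupPairs": [{"GroupId": "sg-lambda"}]}]},
    {"GroupId": "sg-all-traffic", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-web", "IpPermissions": [         # 443 only: not a DB port
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for group_id, cidr in find_open_db_ingress(SAMPLE_GROUPS):
        print(f"{group_id}: database port reachable from {cidr}")
```

The same function can be fed the `SecurityGroups` list from a live DescribeSecurityGroups response in place of the constructed sample.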
Reputation:
What you need to do is make sure your Lambda role has the AWSLambdaVPCAccessExecutionRole policy attached to it.
Your ENI is created on cold start. Avoid the cold start by creating another Lambda to invoke your current Lambda on a schedule to keep it warm.
Upvotes: 1