CODEWITHSUNDEEP
amazon-web-servicesaws-lambdaamazon-dynamodbserverless-frameworkaws-serverless
danielhep
danielhep

Reputation: 356

How to fix DynamoDB JS API blocking and timing out my Lambda function?

I'm attempting to access AWS DynamoDB from a Lambda function. When I call the document client's scan function using a promise, it never returns even when I extend the function's timeout to a whole minute.

I'm using Serverless platform, Node 8.10, and I've set up the "iamRoleStatements" to allow dynamodb and the table's ARN.

serverless.yml:

provider:
  name: aws
  runtime: nodejs8.10
  timeout: 6
  region: us-east-1
  iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:*
      Resource: "[arn from dynamodb]"

handler.js:

const dynamodb = new AWS.DynamoDB.DocumentClient()
...
...
...
    try {
      console.log('dynamodb go')
      attributes = await dynamodb.scan(queryParams).promise()
      console.log('dynamodb success')
      console.log(attributes)
    } catch (err) {
      console.log('dynamodb error')
    }

I'm expecting to get "dynamodb go" then "dynamodb success" or even "dynamodb error" in the console. However, after printing "dynamodb go" the function hangs and ends up timing out. Am I doing the promise wrong somehow? It seems like this should be the correct format based on what I've seen.

Upvotes: 0

Views: 535

Answers (1)

jarmod
jarmod

Reputation: 78573

It sounds like your Lambda function cannot connect to DynamoDB. That typically is caused by one thing - you are running the Lambda function in a VPC and the Lambda function has no viable route to DynamoDB (either over the public internet or to DynamoDB via a private VPC Endpoint).

Presumably you're running your Lambda function inside a VPC so that it can access your private RDS database, which would not otherwise be reachable over the public internet.

You have a couple of choices:

  1. give the Lambda function internet access so it can reach DynamoDB over the public internet
  2. add a VPC Endpoint for DynamoDB to the VPC so it can reach DynamoDB privately

Note that both are over TLS so are secure. The decision is whether or not to allow the Lambda function to have unfettered outbound internet access (#1), or to constrain it to DynamoDB (#2).

Upvotes: 1

Related Questions