Reputation: 386
Lambda function times out when connecting to a boto3 client
The Problem
I am trying to set up a lambda function to do some tasks on ec2. I keep running into a timeout error. A minimal example reproducing the problem is as follows:
import boto3
REGION = "us-west-2"
ec2 = boto3.client('ec2', region_name=REGION)
def main(event, context):
region = ec2.describe_regions()
return region
The lambda function is called lambda_function and the handler is lambda_function.main. The runtime environment is Python 3.6, Python 3.7 or Python 3.8 (and I have the same error in each).
This function returns the following error:
Response:
{
"errorMessage": "2020-11-27T05:26:27.739Z xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx Task timed out after 20.02 seconds"
}
Request ID:
"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
Function logs:
START RequestId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx Version: $LATEST
END RequestId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
REPORT RequestId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx Duration: 20020.38 ms Billed Duration: 20000 ms Memory Size: 128 MB Max Memory Used: 81 MB Init Duration: 343.37 ms
2020-11-27T05:26:27.739Z xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx Task timed out after 20.02 seconds
Permissions and Policies
The lambda function is running with a role with the following permissions:
- AmazonEC2FullAccess
- AWSLambdaFullAccess
- CloudWatchLogsFullAccess
The user that is setting up the lambda function has the following permissions:
- AmazonRDSFullAccess
- AmazonEC2FullAccess
- SecretsManagerReadWrite
- AWSLambdaFullAccess
- AmazonS3FullAccess
- AmazonDynamoDBFullAccess
- AWSLambda_FullAccess
- EC2InstanceConnect
If I run the commands from my terminal, using the same credentials that this IAM user has, I get the expected output.
$ aws ec2 describe-regions
{
"Regions": [
{
"Endpoint": "ec2.eu-north-1.amazonaws.com",
"RegionName": "eu-north-1",
"OptInStatus": "opt-in-not-required"
},
...]
}
Network and security groups
The lambda is assigned to the default VPC of the IAM user. The security groups attached to this lambda function are the default security group for this VPC, and some additional security groups allowing some additional access.
What is causing the timeout? How do I fix this?
Upvotes: 2
Views: 3325
Answers (1)
Reputation: 5230
It is most likely that your function does not have internet access for a workload that require connecting to internet endpoints
By default, Lambda inside VPCs will not have access to the Internet
To enable Internet access, you will need to configure NAT Gateways or Instances
Upvotes: 4
Related Questions
- Timeout while starting an EC2 instance from AWS Lambda using boto3
- Aws lambda not showing "Task timed out" error while connecting rds with boto3
- 504 timeout accessing S3 from Lambda with boto3
- AWS Lambda using boto3.client('iot-data') TIMEOUT as of 2021-01-26
- AWS Lambda Python Boto3 client.invoke() times out no matter what parameters are entered
- invoking lambda with boto doesn't respect timeout
- Trying to connect to Boto3 Client from AWS Lambda and Receiving Timeout
- AWS Lambda timesout with boto3.resource('s3')
- aws lambda loop timeout
- AWS Lambda function using Boto3 timeout