Unable to resolve connection to Neo4j database from AWS Lambda

Question

Good evening everybody,

I am trying to access my neo4j database hosted on a EC2 machine through a lambda function. Everything runs smooth, but oddly enough all the code that is inside a driver session doesn't execute. I already tested this piece of code on my local machine connected to a local instance of neo4j, and everything works smoothly.

This is the faulty piece of code, be ware that the code is incompleted but I hope it gives you an idea of how it should function.

def lambda_handler(event, context):


    # **This code runs** 

    message = (event['Records'][0]['Sns']['Message'])
    data = unpack(message)
    print('----------MESSAGE \n\n')
    print(message)
    print('----------DATA \n\n')
    print(data)
    
    
    preprocessor = Preprocessor(data)
    events = preprocessor.preprocess_events()
    print('----------EVENTS \n\n')
    print(events)
    
    driver = GraphDatabase.driver("bolt://54.229.49.225:7687", auth=('neo4j', 'hello'))
    
    with driver.session() as session:
        
        # **This code doesn't** 
        
        print('-----------------OPENING SESSION-----------------')
        session.write_transaction(tx1)
        session.write_transaction(tx2)
        session.write_transaction(tx3)

    driver.close()

    return {
        'statusCode': 200,
        'body': json.dumps('Loaded event <EVENT NAME>')
    }

---EDIT---

After increasing the timeout timer of my lambda function I now get a different error

Function Logs
START RequestId: 09235331-d238-4150-a489-5da005858596 Version: $LATEST
ciao
[ERROR] ServiceUnavailable: Timed out trying to establish connection to IPv4Address(('54.229.49.225', 7687))
Traceback (most recent call last):
  File "/var/task/lambda_function.py", line 18, in lambda_handler
    driver = GraphDatabase.driver("bolt://54.229.49.225:7687", auth=('neo4j', 'hello'))
  File "/var/task/neo4j/__init__.py", line 183, in driver
    return cls.bolt_driver(parsed.netloc, auth=auth, **config)
  File "/var/task/neo4j/__init__.py", line 196, in bolt_driver
    return BoltDriver.open(target, auth=auth, **config)
  File "/var/task/neo4j/__init__.py", line 359, in open
    pool = BoltPool.open(address, auth=auth, pool_config=pool_config, workspace_config=default_workspace_config)
  File "/var/task/neo4j/io/__init__.py", line 535, in open
    seeds = [pool.acquire() for _ in range(pool_config.init_size)]
  File "/var/task/neo4j/io/__init__.py", line 535, in <listcomp>
    seeds = [pool.acquire() for _ in range(pool_config.init_size)]
  File "/var/task/neo4j/io/__init__.py", line 549, in acquire
    return self._acquire(self.address, timeout)
  File "/var/task/neo4j/io/__init__.py", line 413, in _acquire
    connection = self.opener(address, timeout)
  File "/var/task/neo4j/io/__init__.py", line 532, in opener
    return Bolt.open(addr, auth=auth, timeout=timeout, routing_context=routing_context, **pool_config)
  File "/var/task/neo4j/io/__init__.py", line 193, in open
    s, pool_config.protocol_version, handshake, data = connect(
  File "/var/task/neo4j/io/__init__.py", line 1052, in connect
    raise last_error
  File "/var/task/neo4j/io/__init__.py", line 1042, in connect
    s = _connect(resolved_address, timeout, keep_alive)
  File "/var/task/neo4j/io/__init__.py", line 940, in _connect
    raise ServiceUnavailable("Timed out trying to establish connection to {!r}".format(resolved_address))END RequestId: 09235331-d238-4150-a489-5da005858596
REPORT RequestId: 09235331-d238-4150-a489-5da005858596  Duration: 30033.06 ms   Billed Duration: 30034 ms   Memory Size: 256 MB Max Memory Used: 111 MB

Which suggests that there may be some connection issues although I am able to run the same script from my local machine successfully

Answer 1

I encountered this problem with a nodejs version of AWS Lambda.

The problem is public Lambdas will not be able to route to the EC2 instance running neo4j. The lambda must be deployed in a VPC that has a route back to the EC2 instance running neo4j.

The second benefit is the security group for the EC2 instance can be set to allow only CIDR ranges from the VPC that the lambda is deployed in.