Priyaranjan Behera

Reputation: 21

AWS: How to Invoke SSM Param Store using Private DNS Endpoint from Lambda function (Node.js)

Hi, I have a requirement where credentials need to be stored in SSM Param Store and read by a Lambda function that sits inside a VPC, and all the subnets inside my VPC are public subnets. So when I call SSM Param Store using the code below, I get a timed out error.

const AWS = require('aws-sdk');

AWS.config.update({
  region: 'us-east-1'
});

const parameterStore = new AWS.SSM();

exports.handler = async (event, context, callback) => {
  console.log('calling param store');
  const param = await getParam('/my/param/name');
  // Logs the full GetParameter response, including the stored value
  console.log('param : ', param);

  // Send API response
  return {
    statusCode: '200',
    body: JSON.stringify('able to connect to param store'),
    headers: {
      'Content-Type': 'application/json',
    },
  };
};

// Promise wrapper around the callback-style SSM getParameter call
const getParam = param => {
  return new Promise((res, rej) => {
    parameterStore.getParameter({
      Name: param
    }, (err, data) => {
      if (err) {
        return rej(err);
      }
      return res(data);
    });
  });
};

So I created a VPC endpoint for Secrets Manager with Private DNS name enabled.

I am still getting a timed out error for the above code.

Do I need to change the Lambda code to specify the Private DNS Endpoint in the Lambda function?

[Image: outbound rules for the subnet NACL]

[Image: outbound rules for the security group]

Upvotes: 0

Views: 497

Answers (1)

Priyaranjan Behera

Reputation: 21

I managed to fix this issue. The root cause of this problem was that all the subnets were public subnets. Since VPC endpoints are accessed privately without the internet, the subnets associated with the Lambda function should be private subnets.

Here are the steps I have taken to fix this issue:

  1. Created a NAT Gateway inside the VPC and assigned one Elastic IP to it
  2. Created a new route table and pointed all traffic to the NAT gateway created in step 1
  3. Attached the new route table to a couple of subnets (which made them private)
  4. Then attached only the private subnets to the Lambda function

Other than this, the IAM role associated with the Lambda function should have the below 2 policies to access SSM Param Store:

  • AmazonSSMReadOnlyAccess
  • AWSLambdaVPCAccessExecutionRole

Upvotes: 0
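As an added example (not the poster's code), the question's getParam() hardened to sit on top of the answer's network fix: it assumes aws-sdk v2 as in the question, adds short timeouts so a misrouted call fails fast instead of running until the Lambda timeout, requests decryption for a SecureString credential, and exposes only parameter metadata for logging rather than the value the original handler prints. With Private DNS enabled on the endpoint no endpoint URL needs to be set in code; makeFakeClient and its store values are constructed for local runs and are not part of the AWS SDK.

```javascript
// Added example, not the poster's code. Assumes aws-sdk v2 as in the
// question; the SDK is loaded lazily so the module runs offline with
// the constructed fake client below.

// With Private DNS enabled on the endpoint, the SDK's default regional
// hostname already resolves to the endpoint's private IPs, so no custom
// endpoint URL is needed. Short timeouts make a misrouted call fail
// fast with a clear error instead of hanging until the Lambda timeout.
function buildSsmClient(region) {
  const AWS = require('aws-sdk');
  return new AWS.SSM({
    region,
    maxRetries: 2,
    httpOptions: { connectTimeout: 2000, timeout: 5000 },
  });
}

// Promise wrapper over getParameter. WithDecryption is needed for a
// SecureString credential; only the Parameter object is returned.
function getParam(client, name) {
  return new Promise((resolve, reject) => {
    client.getParameter({ Name: name, WithDecryption: true }, (err, data) => {
      if (err) return reject(err);
      resolve(data.Parameter);
    });
  });
}

// Log-safe view: metadata only, never the secret value.
function describeParam(p) {
  return { name: p.Name, type: p.Type, version: p.Version };
}

// Constructed in-memory stand-in for AWS.SSM (local runs and tests).
// Unknown names fail the way the real service does: ParameterNotFound.
function makeFakeClient(store) {
  return {
    getParameter(params, cb) {
      this.lastParams = params;
      const entry = store[params.Name];
      if (!entry) return cb(Object.assign(new Error('not found'), { code: 'ParameterNotFound' }));
      cb(null, { Parameter: { Name: params.Name, ...entry } });
    },
  };
}

module.exports = { buildSsmClient, getParam, describeParam, makeFakeClient };
```

In the Lambda handler, replace the question's getParam('/my/param/name') with getParam(buildSsmClient(process.env.AWS_REGION), '/my/param/name') and log describeParam(p) rather than the whole response.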
