Reputation: 347
Accessing RDS from Lambda
RDS Database details:
I have an publicly accessible RDS database which is restricted to be accessible to only specific IP address.
The RDS have 2 security groups attached to the RDS:
- 1st security group allows a specific IP address to access it.
- 2nd security group allows multiple specific IP addresses to access it.
Note: I know I can just keep a single security group for this purpose.
This RDS database have the default VPC and 3 public subnets. All these subnets have 2 routes in route tables:
- Destination: default vpc's cidr range and Target: local
- Destination: 0.0.0.0/0 and Target: internet gateway
Lambda function details:
I have a lambda function, which does not have any vpc configured.
I am trying to access the RDS database from code in the lambda function. Since lambda doesn't have any specific IP address, I couldn't add inbound rule in RDS's security group to allow it. When I simply add inbound rule in RDS's security group to allow access from all IPs then my lambda function code is able to connect to RDS database and work with it.
I wouldn't want my RDS database to be allowed access from anywhere on the internet, what configuration/settings do I need to make to be able to access RDS from lambda.
I also tried configuring the lambda function to be in same vpc and same subnets as that of for RDS instance; but I haven't been successful in making a connection to the RDS database.
Upvotes: 0
Views: 2844
Answers (1)
Reputation: 1226
Best in this case is to use the same VPC for your lambda as the RDS instance. This is cheaper and is more secure. You don't have to setup a internet gateway and elastic IP. And you can only access your RDS instance from within the VPC.
You can enable this using Lambda management console. Select Lambda function which need access to RDS instance and then go to Configuration -> Advanced settings and select the VPC (which is your RDS instance is in) you need it to access.
For instances attached to the same security group—make the security group the source for the inbound rule and the destination for the outbound rule.
For instances in different security groups—make sure that both security groups allow access to one another.
If this is still not working check the error message that is returned when setting up the connection with RDS. Timeout means issue with network.
find out more here https://aws.amazon.com/premiumsupport/knowledge-center/connect-lambda-to-an-rds-instance/
Upvotes: 4
Related Questions
- Can't access to RDS from Amazon Lambda, same VPC and correct role permissions
- Lambda in VPC access RDS
- Allow AWS Lambda to access RDS Database
- Unable to connect to Public RDS in VPC via Lambda
- How to properly connect AWS Lambda to RDS in VPC?
- Access RDS from VPC Lambda
- AWS Lambda access to RDS outside VPC
- 'no vpc' AWS Lambda accessing RDS in VPC
- Lambda can not access RDS though those are in the same VPC
- Security group for AWS Lambda to access RDS