I have an AWS Lambda function to trigger daily importer jobs.

I am using "A starter AWS Lambda function." for this and the lambda_handler is quite simple. This is pseudocode of what I am doing:

import traceback

try:
    cron_job = CloudCron()
    # Skip this run if an import is already in progress
    status = redis_get_importer_status(db_key, key)
    if status != 'running':
        cron_job.login()
        redis_set_importer_status(db_key, key, 'running')
        cron_job.start_importer()
except Exception:
    # print_exc() writes the traceback itself and returns None
    traceback.print_exc()

This function is triggered by a CloudWatch Event every 15 minutes.

The Lambda function failed to run the lambda_handler and complained about not having an execution policy for the VPC. To resolve this issue, I attached the AWSLambdaVPCAccessExecutionRole policy to this role. While this ran my lambda_handler, there were other issues. The Python requests module threw a ConnectionError when trying to log in to the site. I increased the timeout to 5 minutes and memory to 1GB and am still seeing this issue.

ConnectionError: HTTPSConnectionPool(host='test.site.com.au', port=443): Max retries exceeded with url: /auth/login (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 110] Connection timed out',))

I ran the same lambda_handler within my VPC and it seems to be working seamlessly.

I finally removed the Redis set status and get status calls in my Lambda function and the VPC configuration in the Lambda, ran the lambda_handler again, and this seems to work without any issues.

I need the VPC configuration to set and get keys from the redis server.

Any help is appreciated!

Cheers!

1 Answer

Once you place the Lambda function inside your VPC it can only access resources inside the VPC. It can't connect to test.site.com.au because that resolves to a public IP address outside your VPC. You have a few options to get around this issue:

  • Add a NAT Gateway to your VPC. This will provide Internet access to your Lambda function.
  • If the site you are trying to access is running on a server inside your VPC, then use the private IP address instead of the DNS name. Alternatively, set up a Route53 private hosted zone in your VPC that resolves that DNS name to the private IP address.

3 Comments

I have a similar issue. I configured a private subnet with a NAT Gateway and, even so, still have no access to the Internet. Any help?
@Kostanos I already replied to you in another question where you tacked on this exact comment. Please post your own question instead of spamming this comment on every related question.
Thank you @mark-b, I already resolved it. My issue was that I created the NAT gateway inside the private subnet, when I should have done it inside the public subnet.
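
An added example, not part of the original thread: a route-table check for the setup the answer and the last comment describe, where the Lambda subnet needs a default route to a NAT gateway and that NAT gateway must sit in a subnet that routes to an internet gateway. The dict shapes follow the EC2 DescribeRouteTables and DescribeNatGateways responses; the subnet and gateway IDs are constructed, and the function names are hypothetical.

```python
# Added example (not from the thread); shapes follow EC2 DescribeRouteTables/DescribeNatGateways.
def default_route(subnet_id, route_tables):
    """Return the 0.0.0.0/0 route that applies to subnet_id, or None."""
    explicit = [rt for rt in route_tables
                if any(a.get("SubnetId") == subnet_id for a in rt["Associations"])]
    main = [rt for rt in route_tables if any(a.get("Main") for a in rt["Associations"])]
    for rt in explicit or main:  # an explicit association overrides the main table
        for route in rt["Routes"]:
            if route.get("DestinationCidrBlock") == "0.0.0.0/0":
                return route
    return None

def check_lambda_egress(lambda_subnet, route_tables, nat_gateways):
    """Return (ok, reason) for Internet egress from a Lambda subnet."""
    route = default_route(lambda_subnet, route_tables)
    if route is None:
        return False, "no default route"
    if (route.get("GatewayId") or "").startswith("igw-"):
        return False, "public subnet: Lambda ENIs get no public IP"
    nat = next((n for n in nat_gateways
                if n["NatGatewayId"] == route.get("NatGatewayId")), None)
    if nat is None:
        return False, "default route does not target a known NAT gateway"
    nat_route = default_route(nat["SubnetId"], route_tables)
    if not nat_route or not (nat_route.get("GatewayId") or "").startswith("igw-"):
        return False, "NAT gateway is not in a public subnet"
    return True, "egress via NAT gateway in a public subnet"

# Constructed sample data; all IDs are made up.
DEFAULT = "0.0.0.0/0"
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": DEFAULT, "GatewayId": "igw-0001"}]},
    {"Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": DEFAULT, "NatGatewayId": "nat-good"}]},
    {"Associations": [{"SubnetId": "subnet-broken"}],
     "Routes": [{"DestinationCidrBlock": DEFAULT, "NatGatewayId": "nat-bad"}]},
    {"Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-good", "SubnetId": "subnet-public"},
    {"NatGatewayId": "nat-bad", "SubnetId": "subnet-broken"},  # NAT in a private subnet
]

if __name__ == "__main__":
    for subnet in ("subnet-private", "subnet-broken", "subnet-isolated", "subnet-public"):
        print(subnet, check_lambda_egress(subnet, ROUTE_TABLES, NAT_GATEWAYS))
```

To run it against a real VPC, pass in the RouteTables and NatGateways lists returned by the EC2 API instead of the constructed data.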
