I have a simple AWS Lambda function that sends an email using nodemailer. The provider is 'Gmail' with:

  SMTP_SECURE: true,
  SMTP_PORT: 465

The problem is that the API Gateway URL times out after 30456.58 ms with 504 Gateway Timeout. It's clearly mentioned in the AWS documentation that it will time out after 30s, and that is acceptable too.

The same thing happens when I directly invoke the Lambda from the AWS Lambda console. It times out too. The thing that is not making sense to me is:

transporter.sendMail(mailOptions);

Why do these lines take more than 30 seconds? Also, when the API Gateway times out, the Lambda times out too. I have already attached a VPC, subnet, and security having traffic from all, and also enabled less secure on Google.

Cloudwatch logs clearly indicate that my code is not going beyond:

const info = await transporter.sendMail(mailOptions);

PS: Everything works like a charm on my local machine, the problem is only in the cloud function.

Here are the security outgoings:

Security group outbound rules:

security group

Lambda function outbound rules:

this is coming in lambda console

  • Why are you attaching the Lambda function to a VPC? If it does not need to access resources in a VPC, leave it disconnected. This will allow the Lambda function to access the Internet directly. Commented Sep 5, 2020 at 3:12
  • @JohnRotenstein You are right, I have removed that from my Lambda function. I have one more Lambda called auth for user authentication. It uses RDS and CloudWatch. So, auth is in a VPC. It needs to access a non-VPC Lambda. But it is not able to do so. Nothing happens, it simply times out. Any idea? Commented Sep 5, 2020 at 15:34
  • @JohnRotenstein How about if I connect the mailer service with API Gateway? I mean, I can simply make an HTTP call to mailer from the auth service. Do I have any other option? A NAT gateway is one option, but I think that will be too expensive. Commented Sep 5, 2020 at 15:35

1 Answer

If an AWS Lambda function is connected to a VPC, it can only obtain Internet access if the VPC has a NAT Gateway or NAT Instance configured.

This is because the Lambda function does not receive a public IP. Lambda functions should be configured to use private subnet(s), and then access the Internet via the NAT Gateway or NAT Instance.

Lambda Destination

If the Lambda function is invoked asynchronously, another option is to configure a Lambda Destination that triggers another Lambda function. This second Lambda function could be "outside" the VPC and connected to the Internet. The invocation is managed by the AWS service.

So, the flow would be:

Trigger --> Lambda 1 (does RDS stuff) --> Destination: Lambda 2 (does email stuff)

The first Lambda function could pass information to the second Lambda function for inclusion in the email.

API Gateway

Another option is to keep the Lambda function "outside" the VPC, but have it call API Gateway to retrieve information from 'inside' the VPC.

5 Comments

I tried the second option already; it is unable to communicate with a non-VPC Lambda (mailer) from a VPC Lambda (auth). So this option is not working. I will have to take a NAT gateway.
How about this: the VPC Lambda will publish to SNS and the non-VPC Lambda subscribes to the topic. Will this work? The question is, will I be able to access SNS from the non-VPC Lambda?
@DineshRawat Yes, you can use a VPC Endpoint for SNS to give a VPC direct access to Amazon SNS. Also, please note that my second option specifically uses a new Lambda feature called "Destinations" to call the second Lambda function. The first Lambda function does not directly call the second Lambda function. Instead, the AWS Service calls the second Lambda function, as defined in the Destination.
That seems interesting. Can you please redirect me to some online documents?
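
The answer's rule (a VPC-attached function reaches the Internet only through a NAT Gateway or NAT Instance, because it has no public IP) written as a route-table check. This is an added example, not part of the original answer or thread; the function names and sample IDs are hypothetical, and treating a default route to an instance or ENI as a NAT instance is an assumption.

```javascript
// Input shapes follow `aws lambda get-function-configuration` and
// `aws ec2 describe-route-tables`. All IDs below are constructed placeholders.

// An explicit subnet association wins; otherwise the VPC's main table applies.
function routeTableFor(subnetId, vpcId, routeTables) {
  const inVpc = routeTables.filter((rt) => rt.VpcId === vpcId);
  const has = (rt, pred) => (rt.Associations || []).some(pred);
  return inVpc.find((rt) => has(rt, (a) => a.SubnetId === subnetId)) ||
         inVpc.find((rt) => has(rt, (a) => a.Main === true)) || null;
}

function classifyDefaultRoute(rt) {
  if (!rt) return 'no-route-table';
  const def = (rt.Routes || []).find(
    (r) => r.DestinationCidrBlock === '0.0.0.0/0' && r.State === 'active');
  if (!def) return 'no-default-route';
  if (def.NatGatewayId) return 'nat-gateway';
  // Assumption: a default route to an instance or ENI is a NAT instance.
  if (def.InstanceId || def.NetworkInterfaceId) return 'nat-instance';
  // The function has no public IP, so an Internet Gateway route leads nowhere.
  if ((def.GatewayId || '').startsWith('igw-')) return 'igw-without-public-ip';
  return 'other';
}

function lambdaEgressReport(fnConfig, routeTables) {
  const vpc = fnConfig.VpcConfig;
  if (!vpc || !vpc.SubnetIds || vpc.SubnetIds.length === 0) {
    return { inVpc: false, internet: true, subnets: {} }; // not VPC-attached
  }
  const subnets = {};
  for (const id of vpc.SubnetIds) {
    subnets[id] = classifyDefaultRoute(routeTableFor(id, vpc.VpcId, routeTables));
  }
  // Every configured subnet needs a NAT path, since any of them may be used.
  const internet = Object.values(subnets).every((s) => s.startsWith('nat-'));
  return { inVpc: true, internet, subnets };
}

const SAMPLE_ROUTE_TABLES = [
  { VpcId: 'vpc-example', Associations: [{ Main: true }], Routes: [
    { DestinationCidrBlock: '0.0.0.0/0', GatewayId: 'igw-example', State: 'active' }] },
  { VpcId: 'vpc-example', Associations: [{ Main: false, SubnetId: 'subnet-private' }], Routes: [
    { DestinationCidrBlock: '0.0.0.0/0', NatGatewayId: 'nat-example', State: 'active' }] },
];
const SAMPLE_FN = { VpcConfig: { VpcId: 'vpc-example', SubnetIds: ['subnet-public', 'subnet-private'] } };

console.log(JSON.stringify(lambdaEgressReport(SAMPLE_FN, SAMPLE_ROUTE_TABLES), null, 2));
```

A subnet reported as `igw-without-public-ip` or `no-default-route` matches the symptom in the question: the SMTP connection never completes and the invocation runs until the function timeout.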
