
I have created a serverless Redshift cluster and want to use lambda to read/write the data from Redshift.

  • Configured the VPC, subnet and security group in Lambda
  • The same VPC, subnet and security group are present for serverless Redshift.

My lambda is timing out without establishing Redshift connection.

I referred to Unable to connect to aws redshift from python within lambda and ensured the below:

  • The Redshift Serverless VPC, subnet and security group are the same as the Lambda VPC, subnet and security group
  • The Lambda role has AWSLambdaVPCAccessExecutionRole

But still, I am unable to establish a Redshift connection from Lambda. It's not throwing any error but timing out.

  • What is the configuration of the Security Group on the Redshift cluster and the Security Group on the AWS Lambda function? Please note that using the same Security Group for both does not guarantee they can communicate with each other since Security Groups are applied individually to each resource. It is generally better to use separate Security Groups for the Lambda function and Database since each requires different permissions. Commented Feb 20, 2024 at 20:55

1 Answer

You mention that you are using the "same VPC, subnet and security group is present for serverless Redshift".

Please note that using the same Security Group for both does not guarantee they can communicate with each other since Security Groups are applied individually to each resource. It is generally better to use separate Security Groups for the Lambda function and Database since each requires different permissions.

I would recommend:

  • A Security Group for the Lambda function (Lambda-SG) that permits all Outbound access, and
  • A Security Group for the Database (DB-SG) that permits all Inbound access from Lambda-SG on port 5439 (Redshift)

That is, DB-SG specifically references Lambda-SG in the Inbound rules, which means that the Lambda function would be granted connectivity to the Database.


4 Comments

Alright! Is it okay to use the default VPC and default subnets for Redshift and Lambda, or should I create a new VPC?
You can use the Default VPC. The Lambda function should be connected to a private subnet. Typically databases go in a private subnet too, for extra security.
I am still stuck! I created a VPC and private subnets (no routing to the IGW), created lambda-sg and allowed all outbound access, created redshift-sg and allowed lambda-sg on 5439 and all traffic from all sources. Can it be related to the IAM role or the host? I am using conn = redshift_connector.connect( host='default-workgroup.339712756193.ap-south-1.redshift-serverless.amazonaws.com', database='dev', port=5439, user='admin', password='admin' )
When I try to resolve that DNS name, it converts to vpce-05ff39092ffa8a1ba-9lyevnb8.vpce-svc-0cea2c88600119d4f.ap-south-1.vpce.amazonaws.com. The vpce bit makes me think it is using a VPC Endpoint to connect with Redshift. If so, check the Security Group on the VPC Endpoint and make sure it is accepting inbound traffic from the Security Group associated with the Lambda function.
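As an added illustration of the failure modes discussed in the answer and the comments above (this is not code from the question or the answer): a preflight check a Lambda handler can run before calling redshift_connector.connect, so that a security-group or routing block surfaces as a fast, labelled "timeout" rather than a silent Lambda timeout, and is distinguished from a DNS failure or a refused connection. The function name and the placeholder workgroup host are assumptions.

```python
import socket

REDSHIFT_PORT = 5439  # port the answer's DB-SG inbound rule allows from Lambda-SG


def diagnose_reachability(host, port=REDSHIFT_PORT, timeout=3.0):
    """Return a dict describing how far a TCP connection to host:port gets.

    status values:
      dns_failed - the endpoint name did not resolve (typo, or no DNS from the subnet)
      refused    - a host answered with RST: routing and security groups let the
                   packet through, but nothing is listening on that port
      timeout    - no answer at all: the usual symptom of a security group, NACL,
                   VPC endpoint security group or routing block (SGs drop, they never RST)
      reachable  - TCP handshake completed; remaining failures are credentials, not network
    """
    result = {"host": host, "port": port}
    try:
        infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        result.update(status="dns_failed", detail=str(exc))
        return result
    ip = infos[0][4][0]
    result["resolved_ip"] = ip  # a vpce-... CNAME resolves to a VPC endpoint ENI here
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            result["status"] = "reachable"
    except socket.timeout:           # TimeoutError alias; catch before OSError
        result["status"] = "timeout"
    except ConnectionRefusedError:
        result["status"] = "refused"
    except OSError as exc:
        result.update(status="error", detail=str(exc))
    return result


def connect_with_preflight(host, **connect_kwargs):
    """Fail fast with a network diagnosis instead of hanging until the Lambda timeout."""
    report = diagnose_reachability(host, connect_kwargs.get("port", REDSHIFT_PORT))
    if report["status"] != "reachable":
        raise RuntimeError(f"Redshift endpoint not reachable: {report}")
    import redshift_connector  # imported lazily so the diagnosis runs without the driver
    return redshift_connector.connect(host=host, **connect_kwargs)


if __name__ == "__main__":
    # Placeholder workgroup endpoint (assumption, not a real endpoint).
    print(diagnose_reachability("default-workgroup.EXAMPLE.ap-south-1.redshift-serverless.amazonaws.com"))
```

Inside Lambda, a "timeout" result on port 5439 with a resolved vpce address points at the VPC endpoint's security group, exactly the check the last comment describes.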
