1

I've followed several tutorials and added different IAM configurations and security groups to keep things as open and obvious as possible and nothing has worked. Here is the debug log, and the main error pasted below. Let me know if there's any other data I should add to make this clear.

[DEBUG] 2016-09-22T13:57:40.965Z    5b770867-80cc-11e6-b5b8-018d2de39616    ConnectionError received when sending HTTP request.
Traceback (most recent call last):
  File "/var/runtime/botocore/endpoint.py", line 174, in _get_response
    proxies=self.proxies, timeout=self.timeout)
  File "/var/runtime/botocore/vendored/requests/sessions.py", line 573, in send
    r = adapter.send(request, **kwargs)
  File "/var/runtime/botocore/vendored/requests/adapters.py", line 419, in send
    raise ConnectTimeout(e, request=request)
ConnectTimeout: HTTPSConnectionPool(host='firehose.us-east-1.amazonaws.com', port=443): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<botocore.awsrequest.AWSHTTPSConnection object at 0x7fbbc4c92c10>, 'Connection to firehose.us-east-1.amazonaws.com timed out. (connect timeout=60)'))

Debug output from the Lambda log in CloudWatch

John Rotenstein
Caullyn
  • Is your Lambda function running inside your VPC? And if so, do you have a NAT Gateway in your VPC? – Mark B Sep 22 '16 at 16:45
  • It's in a VPC, but we do not have a NAT. Do I have to send this outside of the VPC to reach Kinesis? I just want it to end up in an RDS instance in the same VPC... I'm looking at changing my lambda function to just insert the records to RDS instead of bothering with kinesis... it has taken me way too long – Caullyn Sep 22 '16 at 18:46
  • The Kinesis service isn't running inside your VPC, so yes you have to send the request outside the VPC. You'll need a NAT gateway for that. – Mark B Sep 22 '16 at 19:18
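
The diagnosis from the comments above (a VPC-attached function with no NAT gateway times out connecting to firehose.us-east-1.amazonaws.com), as an added example that is not part of the original thread: it classifies the default route of each subnet in the function's VPC configuration. The route tables are constructed sample data in the shape returned by EC2 DescribeRouteTables; the function names and all IDs are illustrative assumptions.

```python
# Constructed sample shaped like ec2.describe_route_tables()["RouteTables"],
# assumed already filtered to the Lambda function's VPC. All IDs are placeholders.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-private"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]

def effective_route_table(subnet_id, route_tables):
    """Explicitly associated table if any, otherwise the VPC's main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def egress_status(subnet_id, route_tables):
    """Classify the default route an ENI in this subnet would use."""
    rt = effective_route_table(subnet_id, route_tables)
    if rt is None:
        return "no-route-table"
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") == "blackhole":
            return "blackhole"  # e.g. the NAT gateway was deleted
        if route.get("NatGatewayId"):
            return "nat"
        if str(route.get("GatewayId", "")).startswith("igw-"):
            return "igw-only"  # Lambda ENIs have no public IP: still times out
        return "other"
    return "no-default-route"

def lambda_can_reach_public_endpoints(subnet_ids, route_tables):
    """Lambda may use any configured subnet, so every one needs a NAT route."""
    return all(egress_status(s, route_tables) == "nat" for s in subnet_ids)

if __name__ == "__main__":
    for subnet in ("subnet-private", "subnet-public", "subnet-isolated"):
        print(subnet, egress_status(subnet, SAMPLE_ROUTE_TABLES))
```

A subnet with no explicit association falls back to the main route table, which in this sample has only the local route, matching the setup described in the question.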

2 Answers

1

Please follow my answer in this thread. This will explain how to make Lambda contact any service on the internet (such as S3, Kinesis and so on).

Community
johni
  • Thanks, johni. This is totally overkill just to add kinesis, I have managed to write my solution just using lambda and s3. If I ever need to incorporate it, this seems like a viable and secure method. – Caullyn Oct 19 '16 at 16:24
  • The "Simple Solution" doesn't fit your needs? You might not need a VPC at all. Moreover, say you needed to use the S3 API - there was a built-in solution for that, and you would not need to set up the VPC as described in the other post - AWS added support for this specifically. Hopefully they will do the same for Kinesis and more (if not already, I'm not updated). – johni Oct 19 '16 at 16:36
0

Currently you can't connect a Lambda task directly to Kinesis Firehose, only to Kinesis Streams. One way around this is to let Firehose write a file to S3 and then trigger a Lambda task via S3 event notifications.

disco crazy