
I've recently gotten into AWS Serverless Architecture with .NET Core 1.0. In my application we use Elasticsearch on its own machine in order to maintain it. What I am trying to do is use AWS Elasticsearch Service from AWS API Gateway which is being proxied by AWS Lambda. (I believe I have typed this correctly)

Whenever my code accesses my Elasticsearch domain I receive a timeout error. As of right now, my Elasticsearch domain is left wide open so anyone can access the information. I would like to lock it down for only the API Gateway and Lambda function.

I've tried messing with the policies and roles with no success. Has anyone tried to do what I am trying to do? If so, how were they able to connect it? Or is there a better way?

Arafat Nalkhande
sroye98
  • 1) All resources in same region (or) different region? 2) Resources have proper policies attached? 3) Are you sure your request can be processed quickly and not code issue? Most of the timeout issues will revolve around these – kosa Apr 25 '17 at 21:24
  • 1) I've checked to see if I can find the regions. I'm not able to find the region for Elasticsearch nor the API Gateway. The process to deploy the Lambda and API Gateway was done through Amazon AWS Toolkit for Visual Studio so I hope they are in the same region. 2) I'm not sure about the policies. I think that is where I might have issues. What should be the practice on this, how would I go about making the right policies on these services? 3) As far as my code, I've run unit tests and from my local development environment to AWS Elasticsearch, a search request takes about 1 second. – sroye98 Apr 25 '17 at 22:52
  • Looks like there is a [nice example](https://github.com/awslabs/amazon-elasticsearch-lambda-samples/blob/master/src/s3_lambda_es.js) from ElasticSearch for how to access the ElasticSearch domain from a Lambda function. You can find more in [this documentation](http://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-aws-integrations.html). – Ka Hou Ieong Apr 26 '17 at 04:06
  • After messing around with AWS and my code, I have realized that it has something to do with the way my VPC/Security Groups are configured. How does one allow access to the internet outside of the VPC? I've set Outbound to All Traffic on All Ports on 0.0.0.0/0, still no luck reaching outside services. Anyone have an idea on how to configure the security group? – sroye98 Apr 26 '17 at 19:31
  • I have a NAT Gateway configured on both of the subnets as well. – sroye98 Apr 26 '17 at 19:31

1 Answer


The simple solution is to put all of your services out of the VPC they are in right now (I believe they are not in the same one, as your IO calls get timed out).

My answer here would give you a nice background on AWS Lambda with VPC and why external IO calls time out.

AWS lambda invoke not calling another lambda function - Node.js

Note: the answer is not related to NodeJS.

Community
johni
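Added example, not part of the original answer or comments: a check for the VPC timeout cause discussed above. A Lambda function attached to a VPC gets network interfaces without public IP addresses, so a subnet whose default route points at an internet gateway gives it no outbound path; the subnet needs a default route to a NAT. The route tables below are constructed sample data in the shape returned by EC2 `DescribeRouteTables`, all IDs are placeholders, and the code assumes every table belongs to the same VPC.

```python
# Constructed sample data (shape of EC2 DescribeRouteTables); IDs are placeholders.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]


def route_table_for(subnet_id, tables):
    """An explicit subnet association wins; otherwise the main table applies."""
    main = None
    for table in tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def lambda_egress(subnet_id, tables=ROUTE_TABLES):
    """Classify the outbound path a Lambda network interface would get here."""
    table = route_table_for(subnet_id, tables)
    if table is None:
        return "no-route-table"
    for route in table["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") == "blackhole":
            continue  # target was deleted; the route carries no traffic
        if route.get("NatGatewayId") or route.get("InstanceId"):
            return "nat"  # NAT gateway or NAT instance: outbound calls work
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw-only"  # no public IP on the interface: calls time out
    return "no-default-route"


if __name__ == "__main__":
    for subnet in ("subnet-public", "subnet-private", "subnet-unassociated"):
        print(subnet, "->", lambda_egress(subnet))
```

Only subnets that report `nat` are suitable for a VPC-attached function that must reach a public endpoint; note that the NAT gateway itself sits in a subnet that reports `igw-only`, so placing the function in the same subnet as the NAT gateway does not help.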