When the Python Lambda function is executed I get a "Task timed out after 3.00 seconds" error. I am trying the same example function.
When I try to run the same code from Eclipse it works fine and I can see the query result. Same way I can connect to the db instance from local-machine MySQL Workbench without any issues.
I tried creating a role with full administrator access policy for this Lambda function and even then it's not working fine. The db instance has a VPC and I just added my local IP address there using the edit CIDR option so I can access the instance through my local machine workbench. For VPC, subnet and security group parameter in Lambda function I gave the same values as I have in the RDS db instance.
I have also increased the timeout for the Lambda function and still I see the timeout error.
Any input would be appreciated.
-
Would the subject be better worded as "AWS Lambda" - this isn't about the python `lambda` keyword. – tdelaney May 06 '17 at 17:14
1 Answer
> For VPC, subnet and security group parameter in lambda function I gave the same values as I have in the RDS db instance.
Security groups don't automatically trust their own members to access other members.
Add a rule to this security group for "MySQL" (TCP port 3306) but instead of specifying an IP address, start typing `sg` into the box and select the id of the security group that you are adding the rule to -- so that the group is self-referential.
Note that this is probably not the correct long-term fix, because if your Lambda function needs to access the Internet or most AWS services, the Lambda function needs to be on a private subnet behind a NAT device. That does not describe the configuration of the subnet where your RDS instance is currently configured, because you mentioned adding your local IP to allow access to RDS. That suggests your RDS is on a public subnet.
See also Why Do We Need Private Subnets in VPC for a better understanding of public vs. private subnets.

-
Thank you. It worked. Although I have to choose All instead of MySQL. I will also read your link to do it in the right way. One question though, I assume security groups are like firewalls, which have inbound and outbound IPs, if that is the case by self referencing are we giving the same set of IPs again or what's actually happening by self referencing. – santhosh May 08 '17 at 13:57
-
When an inbound rule in a security group references the ID of a security group instead of an IP address, that allows traffic from any elastic network interface (ENI) that is attached to a member of that group to match the rule. It is not like an "include" -- it does nothing related to the other rules in the group -- it just allows you to configure rules by source group ID rather than by source IP, and when a group needs to accept traffic from other members of the same group, the rule is self-referencing so that the group allows traffic from its own members. – Michael - sqlbot May 08 '17 at 15:01
-
Elastic Network Interfaces (ENIs) are the virtual NIC cards that give instances their internal IP address. You'll also find them attached to Lambda containers, RDS instances, Elastic Load Balancers, and a few other things. See Network Interfaces on the left hand pane of the EC2 console. Usually, these are created and deleted automatically by the systems that use them. – Michael - sqlbot May 08 '17 at 15:04
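
The rule matching described in the answer and comments above, as an added example that is not part of the original thread: a small Python model of inbound rule evaluation over data shaped like `aws ec2 describe-security-groups` output. The group ID `sg-0example` and both IP addresses are constructed placeholders, and the model covers only IPv4 CIDR and group-ID sources.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# sg-0example and 203.0.113.10 are placeholders, not values from the thread.
SG_BEFORE = {"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []}]}

def with_self_reference(sg, protocol="tcp", port=3306):
    """Return a copy of sg with an inbound rule whose source is the group itself."""
    rule = {"IpProtocol": protocol, "IpRanges": [],
            "UserIdGroupPairs": [{"GroupId": sg["GroupId"]}]}
    if protocol != "-1":          # "-1" means all traffic and carries no port range
        rule.update(FromPort=port, ToPort=port)
    return {**sg, "IpPermissions": sg["IpPermissions"] + [rule]}

def inbound_allowed(sg, src_ip, src_groups, port, protocol="tcp"):
    """True if any inbound rule matches the source ENI's IP or one of its groups."""
    addr = ipaddress.ip_address(src_ip)
    for rule in sg["IpPermissions"]:
        if rule["IpProtocol"] not in ("-1", protocol):
            continue
        if rule["IpProtocol"] != "-1" and not rule["FromPort"] <= port <= rule["ToPort"]:
            continue
        by_cidr = any(addr in ipaddress.ip_network(r["CidrIp"])
                      for r in rule.get("IpRanges", []))
        by_group = any(p["GroupId"] in src_groups
                       for p in rule.get("UserIdGroupPairs", []))
        if by_cidr or by_group:
            return True
    return False  # no matching rule: membership in the group alone grants nothing

# Lambda ENI: private address, attached to the same group as the RDS instance.
LAMBDA = {"src_ip": "10.0.1.25", "src_groups": {"sg-0example"}}

def demo():
    fixed = with_self_reference(SG_BEFORE)
    return {
        "workbench_before": inbound_allowed(SG_BEFORE, "203.0.113.10", set(), 3306),
        "lambda_before": inbound_allowed(SG_BEFORE, port=3306, **LAMBDA),
        "lambda_after": inbound_allowed(fixed, port=3306, **LAMBDA),
        "lambda_after_ssh": inbound_allowed(fixed, port=22, **LAMBDA),
    }

if __name__ == "__main__":
    print(demo())
```

Passing `protocol="-1"` to `with_self_reference` models the "All" choice from the follow-up comment: the Lambda ENI then reaches every port on other members of the group, not only 3306.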