
I have 2 Lambda functions that are in the same VPC. I want one to call the other, but it always times out. I understand that you can't make requests outside of the VPC, but these are in the same region on the same VPC.

I did follow the instructions in the answer for "AWS lambda invoke not calling another lambda function - Node.js", but it doesn't seem to have made a difference.

I created a new VPC, created 2 subnets (named one public and the other private), created an internet gateway, created a NAT gateway using the public subnet and a new Elastic IP, and added the routing tables as described in the Stack Overflow answer. It doesn't seem to help.

If I disassociate both Lambda functions from the VPC it works fine, so I know that the VPC is at least related to my issue.

To be clear, I don't fully understand how all of this works. When you associate a VPC with a Lambda function, I need to include 1 or more subnets. Should both Lambda functions use both subnets? Should 1 use the private and the other the public? Does it even matter?

I am using the default Security Group, which I believe allows all Inbound and Outbound communication. Is there an obvious answer that I am not seeing? Is there a way to debug this, such as logging traffic to and from the VPC?

Thanks

UPDATE As requested, here are the default security group rules that have been applied:

Inbound Rules

Outbound Rules

UPDATE 2 Since it has come up a few times, I have created a NAT Gateway.

  • Both Lambda functions are in the same VPC.
  • I have a Private Subnet that is attached to my NAT Gateway with an Elastic IP
  • I have a Public Subnet that is Routed to my Internet Gateway
  • Both Lambda functions include both the Public and Private Subnets in their configuration

All but the last list item were done following the instructions in the SO question I have linked to. Including the public and private subnets in the Lambda function configuration is more a product of me not knowing exactly how it should be configured. Let me know if there is any additional information I should include.

bsayegh
  • `which I believe allows all Inbound and Outbound communication` - don't make assumptions. Post the rules of the SG. – helloV Jan 08 '18 at 18:36
  • Can the lambda in VPC access any internet resources, like an S3 endpoint? – FelixEnescu Jan 08 '18 at 18:42
  • @blueCat I will need to check that out. We aren't using any other AWS services at the moment, though we are going to, so I can create an S3 bucket now and see what happens. – bsayegh Jan 08 '18 at 18:48
  • @blueCat I attempted to retrieve data from DynamoDB and get the same issue. I didn't do anything special while configuring DynamoDB, just created a table with a single document in it. – bsayegh Jan 08 '18 at 19:33
  • It seems that your (first) problem is that lambda can not access the Internet. Did you attach it to private subnet with Internet access through an Amazon VPC NAT gateway? – FelixEnescu Jan 08 '18 at 20:25
  • @blueCat Yes, I followed the instructions in the answer to the other SO question. Then when creating BOTH Lambda functions I included VPC and the private subnet in the configuration. Would both functions need to be configured with the same Subnet or is there a different way that I should be configuring it? – bsayegh Jan 08 '18 at 20:31
  • @bsayegh the subnets they are in do not matter, they certainly don't need to be in the same subnet, since they aren't communicating with each other directly..., but whatever subnet(s) they are in have to have a route to the NAT Gateway. – Mark B Jan 08 '18 at 20:47
  • @bsayegh I just read your latest update. You can't configure the Lambda functions to be deployed in both the public and private subnets... You have to configure them to be deployed **ONLY** in the private subnet(s) that have a route to the NAT Gateway. – Mark B Jan 08 '18 at 21:04
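
The subnet check the last two comments describe can be run over route-table data, shown here as an added example that is not part of the original thread. The input is a constructed sample shaped like `aws ec2 describe-route-tables` output (all IDs are made up), and the subnet list stands in for the function's `VpcConfig.SubnetIds`.

```python
# Constructed sample shaped like the EC2 DescribeRouteTables response; every ID is made up.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]

def route_table_for(subnet_id, route_tables):
    """Return the table explicitly associated with the subnet, else the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def classify_subnet(subnet_id, route_tables):
    """Classify a subnet by where its IPv4 default route points."""
    rt = route_table_for(subnet_id, route_tables)
    if rt is None:
        return "no-route-table"
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") == "blackhole":
            return "blackhole"   # target (e.g. a deleted NAT gateway) no longer exists
        if route.get("NatGatewayId"):
            return "nat"         # private subnet with NAT egress: what the comments ask for
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"         # public subnet: a Lambda ENI has no public IP, so no egress
        return "other"
    return "no-default-route"

def audit_lambda_subnets(subnet_ids, route_tables):
    """Map each subnet in a function's VPC configuration to its default-route verdict."""
    return {s: classify_subnet(s, route_tables) for s in subnet_ids}

if __name__ == "__main__":
    subnets = ["subnet-public", "subnet-private", "subnet-unassociated"]
    for subnet, verdict in audit_lambda_subnets(subnets, ROUTE_TABLES).items():
        print(subnet, verdict)
```

Any subnet in the function's configuration that does not come back as `nat` is a candidate for the intermittent or constant timeouts described in the question.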

0 Answers