I'm using a Lambda function to do some processing on uploaded files (image resizing, video conversion etc). However, I'm struggling to get the Lambda function to get anything from S3.

Currently got the Lambda function running on S3 Upload trigger and all it has to do right now is copy the file from one bucket to another, but it just seems to freeze.

I get a log in CloudWatch stating it started, I get the File Uploaded... message and then nothing until the function times out, which happens no matter how much memory or timeout I give it.

At first I thought it might be permissions, but my Lambda user has FullPermission on S3 as well as Lambda and I've even made my buckets public.

The function code I'm using is:

    public async Task<string> FunctionHandler(S3Event evnt, ILambdaContext context)
    {
        var s3Event = evnt.Records?[0].S3;
        if(s3Event == null) return null;

        try
        {
            context.Logger.LogLine("File Uploaded, Starting Copy");
            await S3Client.CopyObjectAsync(s3Event.Bucket.Name, s3Event.Object.Key, destinationBucket, s3Event.Object.Key);
            context.Logger.LogLine("Copy Completed.");

            return "Finished";
        }
        catch(Exception e)
        {
            context.Logger.LogLine($"Error getting object {s3Event.Object.Key} from bucket {s3Event.Bucket.Name}. Make sure they exist and your bucket is in the same region as this function.");
            context.Logger.LogLine(e.Message);
            context.Logger.LogLine(e.StackTrace);
            throw;
        }
    }

John Rotenstein
nukeem
  • Is your function running inside a VPC? – jellycsc Feb 26 '21 at 16:29
  • Yep, and I double checked the VPC permissions. Interestingly, I've just run the same code as a console app and it works fine. – nukeem Feb 26 '21 at 16:46
  • To add to what `jellycsc` asked: does your VPC have a NAT that would allow the Lambda to access S3? Also, what is your timeout? – Parsifal Feb 26 '21 at 17:08
  • May be helpful background: https://stackoverflow.com/questions/52992085/why-cant-an-aws-lambda-function-inside-a-public-subnet-in-a-vpc-connect-to-the/52994841#52994841 – jarmod Feb 26 '21 at 19:12

1 Answer

It is likely that your AWS Lambda function has been configured to use a VPC.

When a function is not configured to use a VPC, the function has direct access to the Internet and, therefore, to Amazon S3.

However, when a function is configured to use a VPC, it does not have direct access to the Internet. If the function does require VPC access (e.g. to also access a resource inside the VPC), then S3 access can be granted either by:

  • Adding a VPC Endpoint for Amazon S3 in the VPC, or
  • Connecting the Lambda function to a private subnet and then launching a NAT Gateway in a public subnet, with a Route Table entry on the private subnet that directs Internet-bound traffic to the NAT Gateway

The simplest solution, of course, is to not connect the function to a VPC if at all possible.

John Rotenstein
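
Both options in the answer are visible in the route table of the subnet the function is attached to. The following is an added example, not part of the original answer: it classifies a subnet's path to S3 from JSON shaped like `aws ec2 describe-route-tables` output. It assumes a single VPC; the sample data, the `pl-s3-example` prefix list ID and the function names are constructed for illustration, and S3 interface endpoints (which do not appear in route tables) are not covered.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output
# for one VPC. Every ID below is made up.
SAMPLE = json.loads("""
{"RouteTables": [
 {"RouteTableId": "rtb-main", "Associations": [{"Main": true}],
  "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
 {"RouteTableId": "rtb-public",
  "Associations": [{"Main": false, "SubnetId": "subnet-public"}],
  "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa"}]},
 {"RouteTableId": "rtb-nat",
  "Associations": [{"Main": false, "SubnetId": "subnet-nat"}],
  "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0bbb"}]},
 {"RouteTableId": "rtb-endpoint",
  "Associations": [{"Main": false, "SubnetId": "subnet-endpoint"}],
  "Routes": [{"DestinationPrefixListId": "pl-s3-example", "GatewayId": "vpce-0ccc"}]}
]}
""")["RouteTables"]
S3_PREFIX_LISTS = {"pl-s3-example"}  # placeholder for the region's S3 prefix list ID


def route_table_for(subnet_id, tables):
    """Explicit subnet association wins; otherwise the main table applies."""
    main = None
    for rt in tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def s3_path(subnet_id, tables, s3_prefix_lists=S3_PREFIX_LISTS):
    """Classify how a Lambda ENI in this subnet could reach S3."""
    rt = route_table_for(subnet_id, tables) or {}
    routes = [r for r in rt.get("Routes", []) if r.get("State", "active") == "active"]
    for r in routes:  # gateway endpoint: prefix-list route targeting vpce-*
        if (r.get("DestinationPrefixListId") in s3_prefix_lists
                and r.get("GatewayId", "").startswith("vpce-")):
            return "s3-gateway-endpoint"
    for r in routes:
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            if r.get("NatGatewayId"):
                return "nat-gateway"
            if r.get("GatewayId", "").startswith("igw-"):
                return "igw-only"  # Lambda ENIs get no public IP: calls hang
    return "none"
```

A result of `igw-only` or `none` matches the symptom in the question: the S3 call never connects and the function runs until its timeout.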