I have AWS Lambda function which is:

  • attached to the default VPC (having an IGW and internet access)
  • attached to the default subnets (all 3)
  • with permissions (role) AWSLambdaVPCAccessExecutionRole
  • security group: with full outbound access (All TCP 0.0.0.0/0)
  • I also have EC2 instances in the same VPC/subnet and internet access is working fine
  • that Lambda function has access to EC2/MySQL within the same VPC (that is the requirement: it needs to access the private VPC DB and also the Stripe API service from that Lambda)
  • set a 6 second timeout

I have created this function like this:

aws lambda create-function --function-name  stripe_payment_post --runtime python3.8 \
--zip-file fileb://deployment.zip --handler stripe_payment_post.handler \
--role arn:aws:iam::xxxx74:role/project-lambda_db_access \
--vpc-config SubnetIds=subnet-xxxx70,SecurityGroupIds=sg-xxxxed

And when calling it to access the Stripe API I see in the logs:

[INFO]  2022-11-11T10:54:11.064Z    30be645a-8e03-4c15-b575-502cd2ecd218    message='Request to Stripe api' method=post path=https://api.stripe.com/v1/payment_intents
2022-11-11T10:54:17.046Z 30be645a-8e03-4c15-b575-502cd2ecd218 Task timed out after 3.01 seconds

Always timing out. Like having no access to Stripe/Internet. Why? What am I missing?

My Lambda's handler is:

import json
import logging

import stripe

logger = logging.getLogger()
logger.setLevel(logging.INFO)


def handler(event, context):
    """
    This function is called on POST tenant, adding a new tenant to the MySQL DB
    """
    logger.info("LOG: " + str(event))

    # Hard-coded secret key as posted; a deployed function should read it from an
    # environment variable or a secrets manager instead of the source file.
    stripe.api_key = 'sk_test_5xxxxx'

    client_secret = None
    errorCode = None
    try:
        intent = stripe.PaymentIntent.create(
            amount=11,
            currency='usd',
            payment_method_types=["card"]
        )
        client_secret = intent.client_secret
    except stripe.error.StripeError as e:
        errorCode = str(e)
    except Exception as e:
        errorCode = str(e)

    if client_secret is None:
        # Without this branch `client_secret` is unbound after an exception and the
        # return below raises UnboundLocalError instead of reporting the Stripe error.
        return {
            'statusCode': 500,
            'body': json.dumps({'error': errorCode})
        }

    # API GW Lambda proxy integration requires specific return format
    return {
        'statusCode': 200,
        'body': json.dumps({'client_secret': client_secret})
    }
    You should add the code of your function as well to this post. The reason can be there. – Artem Arkhipov Nov 11 '22 at 10:59
  • thanks, https://stackoverflow.com/questions/52992085/why-cant-an-aws-lambda-function-inside-a-public-subnet-in-a-vpc-connect-to-the was the answer. I had to add nat gateway and route traffic via it. – user2913139 Nov 11 '22 at 11:31
  • Does your AWS Lambda function need to access resources _inside_ the VPC? If not, then the simpler (and cheaper) solution is to **disconnect the Lambda function from the VPC**. This will automatically give it access to the Internet, without requiring a NAT Gateway. However, if your Lambda function _also_ requires access to some resources inside the VPC, then your fix is correct. – John Rotenstein Nov 11 '22 at 22:56
  • thanks John, got it, in my case i need to access both: internal service + Internet - so had to use NAT gw. – user2913139 Nov 12 '22 at 07:53
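
The route-table check behind the fix settled on in the comments (a Lambda ENI in a VPC subnet only reaches the Internet through a NAT gateway, never through an Internet Gateway route, because it has no public IP), as an added example that is not from the question or its commenters. The `describe-route-tables` output is a constructed sample, and the code does not resolve implicit associations with the VPC main route table.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output (not real AWS data):
# a table like the default VPC's (0.0.0.0/0 -> igw-), a private table routing 0.0.0.0/0
# through a NAT gateway, and an isolated table with no default route at all.
SAMPLE_ROUTE_TABLES = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-main0001",
   "Associations": [{"SubnetId": "subnet-public01"}],
   "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}]},
  {"RouteTableId": "rtb-priv0002",
   "Associations": [{"SubnetId": "subnet-private01"}],
   "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def"}]},
  {"RouteTableId": "rtb-iso0003",
   "Associations": [{"SubnetId": "subnet-isolated01"}],
   "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"}]}
]}
""")


def default_route_target(route_table):
    """Return the target of the 0.0.0.0/0 route, or None if the table has no default route."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("NatGatewayId") or route.get("GatewayId")
    return None


def lambda_egress_status(subnet_id, describe_output):
    """Classify whether a Lambda ENI placed in `subnet_id` can reach the Internet.

    Lambda ENIs never receive a public IP, so a default route to an Internet Gateway
    (igw-) does not help them; only a default route via a NAT gateway (nat-) works.
    """
    for table in describe_output["RouteTables"]:
        if not any(a.get("SubnetId") == subnet_id for a in table.get("Associations", [])):
            continue
        target = default_route_target(table)
        if target is None:
            return "no-internet: no 0.0.0.0/0 route (isolated subnet)"
        if target.startswith("nat-"):
            return f"ok: 0.0.0.0/0 via NAT gateway {target}"
        if target.startswith("igw-"):
            return f"no-internet: 0.0.0.0/0 via {target}; Lambda ENIs have no public IP"
        return f"unknown default route target {target}"
    return "no explicit association (subnet uses the VPC main route table)"
```

Run `lambda_egress_status` against the subnet ids passed in `--vpc-config`; a result starting with `no-internet` explains a timeout like the one in the question even though the subnet looks "public".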
