AWS Lambda times out when calling RDS Serverless


I have a VPC with two ISOLATED subnets, one for my RDS Serverless cluster, and one for my Lambda functions.

But my Lambda functions all time out when they call my RDS.

My question is: is this VPC + isolated subnets a working structure for API Gateway -> Lambda -> RDS, or am I trying something impossible?

Lambda:

import * as AWS from 'aws-sdk';

// Data API client: requests go to the regional rds-data service endpoint,
// not to the cluster's address inside the VPC.
const rdsDataService = new AWS.RDSDataService();

const query = `SELECT * FROM information_schema.tables;`;

export const handler = async (event) => {
  const params = {
    secretArn: `secret arn`,   // Secrets Manager secret holding the DB credentials
    resourceArn: "rds arn",    // Aurora Serverless cluster ARN
    sql: query,
    database: 'db name'
  };
  const res = await rdsDataService.executeStatement(params).promise();
  // API Gateway proxy integration requires body to be a string.
  return { statusCode: 200, body: JSON.stringify({
    message: 'ok',
    result: res
  })};
};

My RDS and Lambda share a Security Group which I've opened to ALL traffic (I know this isn't ideal), and my Lambda has a role with Admin Rights (also not ideal), but it still only times out.

Best answer:

You are using the Aurora Serverless Data API. The API does not exist inside your VPC. You have chosen isolated subnets, which have no access to anything that exists outside your VPC. You will either need to switch to private subnets, or add an RDS endpoint to your VPC.

Answer:

It is important to call out that RDS API != RDS Data API; the two are different. You use the RDS API for standard RDS instances; for something like Aurora Serverless, you use the RDS Data API.

For anyone running across this in the future, there is now some helpful documentation describing how to create an Amazon VPC endpoint to allow access to the RDS Data API.

If you're using Terraform to create the VPC endpoint, here's a snippet that essentially replicates the instructions from the tutorial above:

resource "aws_vpc_endpoint" "rds-data" {
  vpc_id              = <your-vpc-id-here>
  service_name        = "com.amazonaws.<your-region-here>.rds-data"
  vpc_endpoint_type   = "Interface"
  private_dns_enabled = true

  security_group_ids = [
    <your-security-group-ids-here>
  ]
  subnet_ids = [
    <your-subnet-ids-here>
  ]
}
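As an added example (not from either answer, and not the tutorial's code), here is the same endpoint with the two things the question's own setup leaves wide open tightened: a security group that admits only HTTPS from the Lambda's security group, an endpoint policy restricted to the Data API actions on one cluster, and a least-privilege policy document to replace the admin role. The variable names, resource names and the cluster/secret ARN inputs are assumptions.

```hcl
# Assumed inputs (not from the original post); fill from your own account.
variable "vpc_id"            { type = string }
variable "region"            { type = string }
variable "lambda_subnet_ids" { type = list(string) }
variable "lambda_sg_id"      { type = string } # SG attached to the Lambda function
variable "cluster_arn"       { type = string } # Aurora Serverless cluster ARN
variable "secret_arn"        { type = string } # Secrets Manager secret for the DB user

# Endpoint SG: only the Lambda's SG may reach the endpoint ENIs, and only on 443.
resource "aws_security_group" "rds_data_endpoint" {
  name   = "rds-data-endpoint"
  vpc_id = var.vpc_id
  ingress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [var.lambda_sg_id]
  }
}

# Interface endpoint for the Data API; the endpoint policy limits which cluster
# and which Data API actions can be used through it.
resource "aws_vpc_endpoint" "rds_data" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.${var.region}.rds-data"
  vpc_endpoint_type   = "Interface"
  private_dns_enabled = true
  subnet_ids          = var.lambda_subnet_ids
  security_group_ids  = [aws_security_group.rds_data_endpoint.id]
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = "*"
      Action    = ["rds-data:ExecuteStatement", "rds-data:BatchExecuteStatement"]
      Resource  = var.cluster_arn
    }]
  })
}
# Least-privilege policy for the Lambda role in place of admin rights: the Data
# API calls on this cluster and the one secret the Data API reads on its behalf.
data "aws_iam_policy_document" "lambda_rds_data" {
  statement {
    actions   = ["rds-data:ExecuteStatement", "rds-data:BatchExecuteStatement"]
    resources = [var.cluster_arn]
  }
  statement {
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [var.secret_arn]
  }
}
```

The Lambda's own security group still needs an egress rule to port 443 (the all-open group in the question already allows this), and a VPC-attached function additionally needs the usual ENI and CloudWatch Logs permissions that the AWS-managed AWSLambdaVPCAccessExecutionRole policy grants.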