 

Access AWS S3 from Lambda within VPC

Overall, I'm pretty confused by using AWS Lambda within a VPC. The problem is Lambda is timing out while trying to access an S3 bucket. The solution seems to be a VPC Endpoint.

I've added the Lambda function to a VPC so it can access an RDS hosted database (not shown in the code below, but functional). However, now I can't access S3 and any attempt to do so times out.

I tried creating a VPC S3 Endpoint, but nothing has changed.

VPC Configuration

I'm using a simple VPC created by default whenever I first made an EC2 instance. It has four subnets, all created by default.

VPC Route Table

| Destination | Target | Status | Propagated |
|---|---|---|---|
| 172.31.0.0/16 | local | Active | No |
| pl-63a5400a (com.amazonaws.us-east-1.s3) | vpce-b44c8bdd | Active | No |
| 0.0.0.0/0 | igw-325e6a56 | Active | No |

Simple S3 Download Lambda:

```python
import boto3
import pymysql  # used for the RDS access mentioned above, not shown here
from StringIO import StringIO  # Python 2 in-memory file object

def lambda_handler(event, context):
    # In-memory buffer that receives the downloaded object
    s3Obj = StringIO()
    # Download one object from the bucket into the buffer; this is the call
    # that times out once the function is attached to the VPC
    return boto3.resource('s3').Bucket('marineharvester').download_fileobj('Holding - Midsummer/sample', s3Obj)
```
musingsole asked Sep 29 '16 21:09


1 Answer

There is another solution related to VPC endpoints.

On the AWS Console, choose the VPC service and then Endpoints. Create a new endpoint and associate it with the S3 service

[image: VPC S3 endpoint selection]

and then select the VPC and Route Table.

Then select access level (full or custom) and it will work.

Luis RM answered Oct 01 '22 20:10
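One way to check why "nothing has changed" after creating the endpoint, as an added example that is not from the question or the answer: a gateway endpoint only helps a subnet whose route table actually carries the prefix-list route (the `pl-63a5400a -> vpce-b44c8bdd` row above), so resolve each of the function's subnets to its route table and report the ones missing that route. The dicts follow the shape returned by boto3's `ec2.describe_route_tables()`; the subnet ids and the second route table are constructed, and the live section at the bottom assumes boto3 and AWS credentials.

```python
# Diagnose the failure mode in the question: an S3 gateway endpoint exists, but
# the subnets the Lambda actually uses are bound to a route table that has no
# route to it. Works on the dict shape returned by ec2.describe_route_tables().

def s3_endpoint_routes(route_table):
    """Routes that send a managed prefix list (pl-...) to a gateway endpoint (vpce-...)."""
    return [r for r in route_table.get("Routes", [])
            if r.get("DestinationPrefixListId", "").startswith("pl-")
            and r.get("GatewayId", "").startswith("vpce-")
            and r.get("State") == "active"]

def subnets_without_s3_route(subnet_ids, route_tables):
    """Resolve each subnet to its route table (explicit association, else the
    VPC main table) and list the subnets whose table lacks an S3 endpoint route."""
    main_table, explicit = None, {}
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main_table = rt
            elif assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = rt
    return [s for s in subnet_ids
            if not s3_endpoint_routes(explicit.get(s, main_table) or {})]

# Constructed sample modelled on the question's route table: the main table has
# the endpoint route (pl-63a5400a -> vpce-b44c8bdd), but one Lambda subnet is
# bound to a second table with only local + IGW routes. The IGW route does not
# help a Lambda ENI (it has no public IP), so S3 calls from that subnet time out.
SAMPLE_ROUTE_TABLES = [
    {"Associations": [{"Main": True}],
     "Routes": [
         {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationPrefixListId": "pl-63a5400a", "GatewayId": "vpce-b44c8bdd", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-325e6a56", "State": "active"}]},
    {"Associations": [{"Main": False, "SubnetId": "subnet-b"}],
     "Routes": [
         {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-325e6a56", "State": "active"}]},
]

if __name__ == "__main__":
    # Live check (needs boto3 and credentials): subnets from the function's
    # VpcConfig, route tables from its VPC, same logic as above.
    import sys
    import boto3
    cfg = boto3.client("lambda").get_function_configuration(FunctionName=sys.argv[1])["VpcConfig"]
    tables = boto3.client("ec2").describe_route_tables(
        Filters=[{"Name": "vpc-id", "Values": [cfg["VpcId"]]}])["RouteTables"]
    print("subnets without an S3 endpoint route:", subnets_without_s3_route(cfg["SubnetIds"], tables))
```

Run it as `python check_s3_route.py <function-name>`; any subnet it lists needs its route table associated with the endpoint (or the function moved to a subnet that already is).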