AWS Lambda can't connect to RDS instance, but I can locally?

Question

I am trying to connect to my RDS instance from a lambda. I wrote the lambda locally and tested locally, and everything worked peachy. I deploy to lambda, and suddenly it doesn't work. Below is the code I'm running, and if it helps, I'm invoking the lambda via a kinesis stream.

'use strict';  exports.handler = (event, context, handlerCallback) => {     console.log('Recieved request for kinesis events!');     console.log(event);     console.log(context);      const connectionDetails = {         host:     RDS_HOST,         port:     5432,         database: RDS_DATABASE,         user:     RDS_USER,         password: RDS_PASSWORD     };      const db = require('pg-promise')({promiseLib: require('bluebird')})(connectionDetails);      db             .tx(function () {                 console.log('Beginning query');                  return this.query("SELECT 'foobar'")                            .then(console.log)                            .catch(console.log)                            .finally(console.log);             })             .finally(() => handlerCallback()); }; 

Here is the logs from cloud watch if it helps:

START RequestId: *********-****-****-****-********* Version: $LATEST  2016-05-31T20:58:25.086Z    *********-****-****-****-*********  Recieved request for kinesis events!  2016-05-31T20:58:25.087Z    *********-****-****-****-*********  { Records:  [ { kinesis: [Object], eventSource: 'aws:kinesis', eventVersion: '1.0', eventID: 'shardId-000000000000:**********************************', eventName: 'aws:kinesis:record', invokeIdentityArn: 'arn:aws:iam::******************:role/lambda_kinesis_role', awsRegion: 'us-east-1', eventSourceARN: 'arn:aws:kinesis:us-east-1:****************:stream/route-registry' } ] }  2016-05-31T20:58:25.283Z    *********-****-****-****-*********  { callbackWaitsForEmptyEventLoop: [Getter/Setter], done: [Function], succeed: [Function], fail: [Function], logGroupName: '/aws/lambda/apiGatewayRouteRegistry-development', logStreamName: '2016/05/31/[$LATEST]******************', functionName: 'apiGatewayRouteRegistry-development', memoryLimitInMB: '128', functionVersion: '$LATEST', getRemainingTimeInMillis: [Function], invokeid: '*********-****-****-****-*********', awsRequestId: '*********-****-****-****-*********', invokedFunctionArn: 'arn:aws:lambda:us-east-1:*************:function:apiGatewayRouteRegistry-development' }  END RequestId: *********-****-****-****-*********  REPORT RequestId: *********-****-****-****-*********    Duration: 20003.70 ms   Billed Duration: 20000 ms Memory Size: 128 MB   Max Memory Used: 22 MB    2016-05-31T20:58:45.088Z *********-****-****-****-********* Task timed out after 20.00 seconds 

Answer 1

@MarkB @Michael-sqlbot were correct in the comments, it was a security group issue.

I finally got AWS support response to point out that the RDS security group was indeed private to a specific IP. This doesn't make sense as I never configured that, and I could access the database from my local machine and elastic beanstalk. I added 0.0.0.0/0 to the security group and now the lambda can connect. Thanks for your help guys!