
How to invoke a step function from a lambda which is inside a VPC?

I am trying to invoke a step function from a lambda which is inside a VPC. I get an exception that the HTTP request timed out.

Is it possible to access a step function from a lambda in a VPC?

Thanks,

sujith asked Nov 27 '18 02:11


People also ask

Can you invoke a Lambda in a VPC?

You can call any of the Lambda API operations from your VPC. For example, you can invoke the Lambda function by calling the Invoke API from within your VPC. For the full list of Lambda APIs, see Actions in the Lambda API reference.

Does step function run in VPC?

Amazon Step Functions now supports Amazon PrivateLink, allowing you to access Amazon Step Functions from VPC-enabled Amazon Lambda functions and other Amazon Web Services services without traversing the public internet.

Can Lambda invoke step function?

Services that you can configure to invoke Step Functions include: AWS Lambda, using the StartExecution call. Amazon API Gateway. Amazon EventBridge.

How do you pass Lambda output to step function?

In the console, go to the “Step Functions” section (under Application Services). Choose “Create a State Machine”. Once you have pasted in the code, you will need to add the ARN (resource locators) for your two lambda functions.


2 Answers

It is possible, but it depends on how you are trying to access step functions. If you are using the AWS SDK then it should take care of any HTTP security issues; otherwise, if you are executing raw HTTP commands, you will need to mess around with AWS headers.

The other thing you will need to look at is the role that lambda is executing. Without seeing how you have things configured, I can only suggest to you things I encountered; you may need to adjust your policies so the role can have the action: sts:AssumeRole, another possibility is adding the action: iam:PassRole to the same execution role.

The easiest solution is to grant your execution role administrator privileges, test it out then work backwards to lock down your role access. Remember to treat your lambda function like another API user account and set privileges appropriately.

PeterO answered Oct 08 '22 19:10


If your lambda function is running inside a VPC, you need to add a VPC endpoint for step functions.

In the VPC console : Endpoints : Create Endpoint, the service name for step functions is com.amazonaws.us-east-1.states (the region name may vary).

Took me a while to find this in the documentation.

Jeff answered Oct 08 '22 19:10
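The two answers above touch on locking down the execution role and on the `states` VPC endpoint. The following is an added example, not code from either answer: it builds a policy that allows only `states:StartExecution` on one state machine and audits a policy document for broader grants. The account ID, state machine name and function names are constructed for illustration, and the audit is a simplification that reads only `Allow` statements with `Action`/`Resource` (no `Deny`, `NotAction` or conditions).

```python
import fnmatch

# Constructed sample values (not from the original page)
STATE_MACHINE_ARN = "arn:aws:states:us-east-1:111122223333:stateMachine:ExampleMachine"
ADMIN_POLICY = {"Version": "2012-10-17",
                "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}

def endpoint_service_name(region):
    """Interface endpoint service name for Step Functions in the given region."""
    return f"com.amazonaws.{region}.states"

def start_execution_policy(state_machine_arn):
    """Policy document allowing only StartExecution on a single state machine."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow",
                           "Action": "states:StartExecution",
                           "Resource": state_machine_arn}]}

def _as_list(value):
    # IAM accepts either a single string or a list for Action/Resource/Statement
    return value if isinstance(value, list) else [value]

def audit(policy, state_machine_arn, action="states:StartExecution"):
    """Return (allowed, findings): whether the call is permitted, plus wildcard grants."""
    allowed, findings = False, []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive, ARNs are case-sensitive
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        if (any(fnmatch.fnmatchcase(action.lower(), a) for a in actions)
                and any(fnmatch.fnmatchcase(state_machine_arn, r) for r in resources)):
            allowed = True
        findings += [f"statement {i}: wildcard action {a!r}" for a in actions if "*" in a]
        findings += [f"statement {i}: wildcard resource {r!r}" for r in resources if r == "*"]
    return allowed, findings

if __name__ == "__main__":
    print(endpoint_service_name("us-east-1"))
    print(audit(start_execution_policy(STATE_MACHINE_ARN), STATE_MACHINE_ARN))
    print(audit(ADMIN_POLICY, STATE_MACHINE_ARN))
```

The same document shape can be attached to the interface endpoint as an endpoint policy (with a `Principal` element added) to restrict which Step Functions calls may pass through it.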