Invoking a Lambda function from another Lambda Function Inside of a VPC

I have been debugging, configuring and you name it for the last couple of hours and I can't seem to figure out why this is happening.

I am trying to invoke a Lambda function which is just retrieving basic information from EC2. When I test this Lambda function in the AWS console it seems to be working fine. However, invoking it from another Lambda, using the following code:

    import com.amazonaws.auth.AWSStaticCredentialsProvider;
    import com.amazonaws.auth.BasicAWSCredentials;
    import com.amazonaws.services.lambda.AWSLambda;
    import com.amazonaws.services.lambda.AWSLambdaClientBuilder;
    import com.amazonaws.services.lambda.model.InvokeRequest;
    import com.amazonaws.services.lambda.model.InvokeResult;

    // Static access keys passed directly to the client (placeholders shown here)
    BasicAWSCredentials awsCreds = new BasicAWSCredentials("key1", "key2");
    AWSLambdaClientBuilder builder = AWSLambdaClientBuilder.standard()
            .withRegion("eu-west-1")
            .withCredentials(new AWSStaticCredentialsProvider(awsCreds));
    AWSLambda client = builder.build();

    // Synchronous invoke of the target function; blocks until the Lambda API responds
    InvokeRequest req = new InvokeRequest()
            .withFunctionName("GetWhateverIneed");
    InvokeResult result = client.invoke(req);

it simply times out. No response whatsoever... Both Lambdas are connected to the VPC and all subnets.

I think it is my new VPC that is causing this problem. My VPC consists of:

- 1x VPC
- 2x Subnets (1x Private with IPv4 10.0.0.0/17, 1x Public with IPv4 10.0.128.0/17)
- 1x IGW connected to the Private subnet
- 1x NAT Gateway connected to the Public subnet
- 2x Endpoints (one for EC2, one for SecretsManager)

I have also configured two route tables. One for the "public" subnet, "Routes" ->

- Destination: 10.0.0.0/16, Target: local
- Destination: 0.0.0.0/0, Target: My Internet Gateway (IGW)

One for the "private" subnet, "Routes" ->

- Destination: 10.0.0.0/16, Target: local
- Destination: 0.0.0.0/0, Target: My NAT

I have made sure both of my Lambdas are running on the same VPC; they are both using the same security group.

This is my first time working with a VPC, so it is possible that I have missed something.

MatiasN asked Oct 28 '22 03:10


1 Answer

If your Lambda function is VPC-attached, it needs to be able to communicate via your VPC to the AWS API. Lambdas do not talk to other Lambdas over the network; they initiate requests with the AWS API or an API Gateway, which passes the request on to the Lambda function.

If you need a VPC-attached Lambda to initiate another Lambda, it needs to be able to get to the AWS API or API Gateway via the internet. Alternatively, you can keep it all on private networks by adding a VPC Endpoint to the API Gateway Service.

A pattern I follow in similar circumstances is described in this previous post of mine: https://stackoverflow.com/a/43969112/6427978

Matt D answered Nov 15 '22 08:11
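The answer's point is that the caller never talks to the callee directly: `client.invoke` is an HTTPS call to the regional Lambda API, and if the function's subnet has no path to that endpoint the call hangs until the caller's own timeout, which is what the question describes. The following is an added example, not code from the question or the answer; it reworks the asker's SDK v1 client so that a missing network path fails fast with a distinguishable exception, and uses the execution role's credentials instead of hard-coded keys. `FailFastInvoker`, the timeout values and the JSON payload are assumptions for illustration.

```java
import com.amazonaws.ClientConfiguration;
import com.amazonaws.SdkClientException;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.services.lambda.AWSLambda;
import com.amazonaws.services.lambda.AWSLambdaClientBuilder;
import com.amazonaws.services.lambda.model.InvocationType;
import com.amazonaws.services.lambda.model.InvokeRequest;
import com.amazonaws.services.lambda.model.InvokeResult;
import java.nio.charset.StandardCharsets;

public class FailFastInvoker {
    // Short timeouts (assumed values): a VPC-attached function with no route to
    // lambda.eu-west-1.amazonaws.com (no NAT route, no interface endpoint) would
    // otherwise block until the calling function's own timeout expires.
    private static final ClientConfiguration FAIL_FAST = new ClientConfiguration()
            .withConnectionTimeout(3_000)   // ms to open the TCP connection
            .withSocketTimeout(10_000)      // ms to wait for the HTTP response
            .withMaxErrorRetry(0);          // surface the first failure instead of masking it

    // No static keys in code: inside Lambda the default chain reads the execution
    // role's temporary credentials from the environment, so only IAM policy matters.
    private static final AWSLambda CLIENT = AWSLambdaClientBuilder.standard()
            .withRegion("eu-west-1")
            .withClientConfiguration(FAIL_FAST)
            .withCredentials(DefaultAWSCredentialsProviderChain.getInstance())
            .build();

    public static String invoke(String functionName, String jsonPayload) {
        InvokeRequest req = new InvokeRequest()
                .withFunctionName(functionName)
                .withInvocationType(InvocationType.RequestResponse)
                .withPayload(jsonPayload);
        try {
            InvokeResult result = CLIENT.invoke(req);
            if (result.getFunctionError() != null) {
                // The call reached the API and the callee ran, but it raised an error.
                throw new IllegalStateException("Callee failed: " + result.getFunctionError());
            }
            return StandardCharsets.UTF_8.decode(result.getPayload()).toString();
        } catch (AmazonServiceException e) {
            // Reached the Lambda API but was rejected: typically lambda:InvokeFunction
            // missing from the caller's execution role, or a wrong function name.
            throw new IllegalStateException("Lambda API rejected the call: " + e.getErrorCode(), e);
        } catch (SdkClientException e) {
            // Never reached the API: no route from the function's subnet to the Lambda
            // service endpoint. Check the 0.0.0.0/0 -> NAT route or add a VPC endpoint.
            throw new IllegalStateException("Cannot reach the Lambda API from this VPC", e);
        }
    }
}
```

With the original `withMaxErrorRetry` default, the SDK retries connection failures several times, so the total wait can exceed the calling function's timeout and the failure reason is lost.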