Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Lambda function timeout on external call

Tags:

node.js

amazon-web-services

aws-lambda

amazon-vpc

I have a Lambda function from which I need to make an external API call. I have added the Lambda function to a security group, a VPC, and 2 subnets, and it gives me this text:

When you enable VPC, your Lambda function will lose default internet access. If you require external internet access for your function, ensure that your security group allows outbound connections and that your VPC has a NAT gateway.

I go into VPC, create a NAT gateway (I let AWS create a EIP), attach it to one of the subnets on my lambda function.

For debugging purposes, my security group outbound functions are set to all traffic/all destinations (0.0.0.0/0). Also my Network ACL for this VPC is set to this (with 5 subnets, including the one with the NAT gateway):

100 | ALL Traffic | ALL | ALL | 0.0.0.0/0 | ALLOW

A route table with the same 2 subnets is on the VPC, with the 0.0.0.0/0 route set to target the NAT gateway.

A different route table with 3 other subnets is also on the VPC, with the 0.0.0.0/0 route set to target the internet gateway.

Both route tables have the same local destination IP (the IP for the VPC).

The error I get is:

{ Error: connect ETIMEDOUT x.x.x.x:443
at Object.exports._errnoException (util.js:1018:11)
at exports._exceptionWithHostPort (util.js:1041:20)
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1090:14)
code: 'ETIMEDOUT',
errno: 'ETIMEDOUT',
syscall: 'connect',
address: 'x.x.x.x',
port: 443 }

The node code I am running works on my desktop node environment, and the POST call works in postman, so I am fairly certain this is problem with my AWS config.

I have been using this scenario as a resource: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html

like image 735
getglad Avatar asked Apr 27 '17 14:04

getglad

1 Answers

I go into VPC, create a NAT gateway (I let AWS create a EIP), attach it to one of the subnets on my lambda function.

That is where gou went wrong.

The NAT Gateway must not be attached to any of the subnets it serves. The NAT Gateway must be on a public subnet with a default route to the Internet Gateway.

A NAT Gateway's default route follows the default route of the route table of the subnet to which it is attached, to reach the Internet. If it's associated with a subnet that needs a NAT Gatway, its default route loops back on itself.

Then, all subnets associated with Lambda need to use a route table whose default route points to the NAT Gateway.

like image 175
Michael - sqlbot Avatar answered Oct 26 '22 06:10

Michael - sqlbot
Sign in to Comment

Related questions

Node.js TypeError: Cannot read property 'file' of undefined
How do I call .js from another .js file? [duplicate]
How to throw a 404 error in express.js?
`gulp build` for semantic ui is giving error 'ENOENT: no such file or directory'
What is `process.binding('fs')` in `fs.js`? [duplicate]
Node webpack dev server failing 'Cannot GET /' in vuejs project
Setting Up Postman for API Testing When Using Passport Authorization
How to register mongoose plugin for all schemas?
What does 'require('./app/routes.js')(app);' mean in this node server example? [duplicate]
Is it possible to override a local .npmrc when running `npm install`?
Edit existing PM2 process
ECDSA signatures between Node.js and WebCrypto appear to be incompatible?
How to use body-parser in express router?
Handling refresh tokens for FCM device groups
ignore debugger; statements in Node.js, during debug session
"Unexpected token in JSON at position 0" using JSON.parse in Node with valid JSON
How to change npm globally installation path
How to match an array of objects with sinon.js?
Import moment.js in js file in webpack
Sequelize query with count in inner join

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!