Parameter Store request timing out inside of AWS Lambda

Question

I'm attempting to access the AWS SSM Parameter store, like this article does. I have tested the lambda function locally and it works as expected. When pushed to AWS, however, the lambda fails when attempting to retreive the config; it times out:

{
    "errorMessage": "2018-09-02T04:55:49.096Z 71a5006a-ae6c-11e8-9322-313ba5e28048 Task timed out after 6.01 seconds"
}

I have the following permissions added to my serverless.yml. I have made it as unrestricted as possible to try to find where the error is. Additionally, the parameter is just a string, so it does not use KMS.

service: pwaer-messages-service

provider:
  name: aws
  runtime: nodejs8.10
  vpc:
    securityGroupIds:
      - sg-222f126f
    subnetIds:
      - subnet-756aef12
      - subnet-130f8f3d
  environment:
    NODE_ENV: ${opt:stage, 'dev'}

  iamRoleStatements:
    - Effect: 'Allow'
      Action: 'ssm:**'
      Resource:
        - 'Fn::Join':
          - ':'
          -
            - 'arn:aws:ssm'
            - Ref: 'AWS::Region'
            - Ref: 'AWS::AccountId'
            - 'parameter/*'

functions:
  receiveText:
    handler: dist/receive.handler
    events:
      - http:
          path: sms/parse
          method: post

What am I missing?

Answer 1

Since mentioned Lambda doesn't have access to the public internet, to access AWS APIs please setup a VPC endpoint.

As per the description - "VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services".

For AWS Systems Manager follow this procedure - Setting Up VPC Endpoints for Systems Manager