
Resolving a private hostname within a lambda function

Tags:

aws-lambda

I've encountered problems with Lambda not being able to resolve a URL like http://example.com:1234

I have to use the IP instead. I'm wondering how I can ensure that the URL can be resolved, especially when the URL I'm using is private. All Google searches point me to Route 53, but there's no explanation of how exactly this should be done.

For more clarity:

  1. All I'm doing is using the Python requests library and calling my Elasticsearch to insert some data:

    response = requests.post(es_url, data=some_data, timeout=some_timeout)

where es_url is <ip>:9200/some_index/some_type/.

I want to change the IP to a human-readable domain like my_es.example.com, which works on my EC2 instance, but I cannot resolve this name in the Lambda function.

  2. I believe I have my Lambda function already connected to a VPC. I don't care about accessing public IPs. All I need is to access my ES, which resides in the same VPC. Unless my setting is incorrect?
asked May 03 '18 01:05

JChao



2 Answers

It works fine for me.

I did the following:

  • Created a new VPC using the VPC Wizard (Public & Private Subnets, NAT Gateway)
  • Created a Lambda function (shown below) without a VPC connection
  • Tested -- it successfully resolved the domain name
  • Configured the Lambda function to use the private subnet in the new VPC
  • Tested -- successful again
  • Launched an ElastiCache server in the private subnet
  • Changed the Lambda function to instead resolve the DNS name of the ElastiCache server -- Success!

This is the Lambda (Python 3.6) function I used:

    import socket

    def lambda_handler(event, context):
        # Resolve a public name; returns (hostname, aliases, ip_addresses).
        data = socket.gethostbyname_ex('google.com')
        print(data)
        return

That worked with no VPC setting and also with the VPC configured to the private subnet.

I then ran it again with the name of the ElastiCache server:

    import socket

    def lambda_handler(event, context):
        # Resolve the ElastiCache endpoint that lives in the private subnet.
        data = socket.gethostbyname_ex('stack.b155ae.0001.apse2.cache.amazonaws.com')
        print(data)
        return

It returned:

    ('stack.b155ae.0001.apse2.cache.amazonaws.com', [], ['10.0.1.168'])

So, resolution of an ElastiCache name from Lambda seems to work fine.

Your problem must lie with your Lambda or VPC configuration (did you change DHCP Options?).

answered Sep 23 '22 05:09

John Rotenstein
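
The resolution test in the answer above can be extended to report which stage fails: the DNS lookup, the private-address check, or the TCP connect to the service port. This is an added example, not part of the original answer; the function name `diagnose` and the event keys `host` and `port` are assumptions made for the illustration.

```python
import ipaddress
import socket


def diagnose(host, port, resolve=socket.getaddrinfo,
             connect=socket.create_connection, timeout=3.0):
    """Report which stage fails: DNS lookup, private-address check, or TCP connect."""
    try:
        # IPv4 only, matching the private VPC addresses discussed on this page.
        infos = resolve(host, port, family=socket.AF_INET, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # The name is not visible to the resolver this function is using.
        return {"stage": "dns_failed", "host": host, "error": str(exc)}

    addrs = sorted({info[4][0] for info in infos})
    private = [a for a in addrs if ipaddress.ip_address(a).is_private]
    result = {"host": host, "addresses": addrs, "private": private}
    if not private:
        # Only public answers for an internal name: the query was answered
        # by public DNS rather than by private records.
        return {**result, "stage": "resolved_public_only"}

    for addr in private:
        try:
            connect((addr, port), timeout=timeout).close()
            return {**result, "stage": "ok", "connected_to": addr}
        except OSError as exc:
            # DNS worked; check security groups, NACLs and routing instead.
            result["error"] = str(exc)
    return {**result, "stage": "connect_failed"}


def lambda_handler(event, context):
    # "host" and "port" are hypothetical event keys chosen for this example.
    report = diagnose(event["host"], int(event.get("port", 9200)))
    print(report)
    return report
```

A `dns_failed` result points at name resolution, while `connect_failed` means the name resolved and the network path to the port is the thing to check.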


Try to configure the Lambda in your VPC to access the private hosted zone.

answered Sep 20 '22 05:09

Mukesh Sharma