My AWS Lambda function times out when it ties to connect to an RDS instance in another VPC. The VPCs are peered.
Things I have checked:
- Lambda is inside the correct VPC
- RDS is inside the other VPC
- RDS exists in subnets that are peered
- VPC Peering is "accepted"
- Lambda security group has ingress permission on correct port (
5432
) to RDS security group - Lambda security group has egress permission to anywhere on any port
- Route table entries exists from Lambda VPC subnets to peering
- Route table entries exist from RDS VPC subnets to peering
What else can I check / leverage to fix this connectivity issue?
Update
- DNS hostnames and DNS resolution are enabled for both VPCs
Update
I tried the following:
- Create EC2 instance on same subnet as Lambda
- Assign lambda SG to the EC2
- SSH connect to EC2
telnet
to RDS:
telnet rds.xxxxxxxxxx.eu-west-2.rds.amazonaws.com 5432
Trying 10.11.65.225...
Connected to rds.xxxxxxxxxx.eu-west-2.rds.amazonaws.com.
Escape character is '^]'.
^CConnection closed by foreign host.
So the EC2 can connect. Therefore the issue must be with the lambda.
What can I try next?
The issue in my case (maybe yours too?) was that the query was timing out, not the connection attempt. You can test this by changing the query to
SELECT 1 AS x
or similar. The solution is to optimize the query so that it can run in reasonable time.The trick of launching an EC2 with similar settings to the Lambda and connecting via SSH is a good one.