2
votes

I have a Lambda function which is assigned to the same VPC and Security Group as the RDS instance.

The security group allows all inbound/outbound traffic from anywhere.

The execution role for the Lambda function has AWSLambdaVPCAccessExecutionRole, AmazonVPCFullAccess and AmazonRDSFullAccess.

For some reason when I test this as a scheduled event I always get this error.

(2003, "Can't connect to MySQL server on '###.###.us-east-1.rds.amazonaws.com' ([Errno -3] Temporary failure in name resolution)")

As far as I can tell, the Lambda should be in the same VPC and have access to each other. I'm using a simple PyMySQL call.

import logging
import os
import sys
import pymysql

logger = logging.getLogger()

try:
    # Connection settings come from the Lambda's environment variables.
    conn = pymysql.connect(host=os.environ['rds_host'], user=os.environ['db_username'], passwd=os.environ['db_password'], db=os.environ['db_name'], connect_timeout=20)
except pymysql.MySQLError as e:
    logger.error(e)
    sys.exit()

logger.info("SUCCESS: Connection to RDS mysql instance succeeded")

1 Answer

0
votes

The reason this wasn't working is that the subnets I was assigning to the Lambda function were all public (i.e. "Auto-assign Public IP" was set to Yes). I set one of the subnets to "No" and only used that one... it worked.

If you want your Lambda to operate inside a VPC, only assign it to PRIVATE SUBNETS!
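
A staged connectivity check that separates the name-resolution failure shown in the question's error from a TCP-level block, as an added example that is not part of the original posts. The function name `diagnose_endpoint`, the host name and the address in the demo are constructed for illustration.

```python
import socket


def diagnose_endpoint(host, port=3306, timeout=5,
                      resolve=socket.getaddrinfo,
                      connect=socket.create_connection):
    """Return (stage, detail), where stage is 'dns', 'tcp' or 'ok'.

    resolve/connect are injectable so the check can be exercised offline.
    """
    # Stage 1: name resolution. "[Errno -3] Temporary failure in name
    # resolution" is EAI_AGAIN on Linux/glibc: the resolver gave no answer.
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as e:
        kind = "transient " if e.errno == socket.EAI_AGAIN else ""
        return ("dns", f"{kind}resolution failure: {e}")

    addrs = sorted({info[4][0] for info in infos})

    # Stage 2: TCP reachability. Failing here (refused, timed out) points at
    # security groups, NACLs or routing rather than DNS.
    try:
        sock = connect((addrs[0], port), timeout=timeout)
    except OSError as e:
        return ("tcp", f"resolved to {addrs} but connect failed: {e}")
    sock.close()
    return ("ok", f"resolved to {addrs}, port {port} reachable")


if __name__ == "__main__":
    # Constructed demo: a resolver that fails the way the question's error did.
    def failing_resolver(host, port, type=0):
        raise socket.gaierror(socket.EAI_AGAIN,
                              "Temporary failure in name resolution")

    print(diagnose_endpoint("db.example.invalid", resolve=failing_resolver))
```

Calling `diagnose_endpoint(os.environ['rds_host'])` from the handler before `pymysql.connect` and logging the result shows which layer failed without needing database credentials.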