I am trying to delete old RDS snapshots using the following python script for AWS Lambda, but when I try to run the script, it gives me the error "Task timed out after [whatever timeout period I've specified]." I've tried increasing the timeout period to a few minutes, which is way more time than this task should take, so I am fairly confident that it is not because I have too short a timeout period. Furthermore, this code works just fine when run from an EC2 instance rather than from Lambda.
import boto3
import pprint
import time
import re
import datetime
def lambda_handler(event, context):
DAYS_EXPIRE = 2
client = boto3.client('rds', region_name='us-east-1')
snapshots = client.describe_db_snapshots(
DBInstanceIdentifier='test-rds-instance',
SnapshotType='manual',
MaxRecords=100
)
list_snapshots = snapshots['DBSnapshots']
for snap in list_snapshots:
dbs_id = snap['DBSnapshotIdentifier']
delta_datetime = datetime.timedelta(days=DAYS_EXPIRE)
acceptable_datetime = datetime.datetime.now() - delta_datetime
datestring = re.search(r'\d{4}-\d{2}-\d{2}-\d{2}-\d{2}$', dbs_id).group()
datetime_snapshot = datetime.datetime.strptime(datestring, '%Y-%m-%d-%H-%M')
if (datetime_snapshot < acceptable_datetime):
print "Deleting" + dbs_id
client.delete_db_snapshot(DBSnapshotIdentifier=dbs_id)
I tried commenting out various parts and rerunning in order to figure out where the error was occurring, and I think it's here:
snapshots = client.describe_db_snapshots(
DBInstanceIdentifier='test-rds-instance',
SnapshotType='manual',
MaxRecords=100
)
I'm not sure why, since it's working outside of Lambda, but I think that it is an issue with the connection. The script has an IAM policy attached to it which allows it VPC for Lambda access and full RDS access. I don't know if security groups restrict Lambda requests or not, but just in case, I modified the security group of the RDS instance to accept all inbound traffic. The RDS instance is publicly accessible. I also tried modifying the client definition to include the RDS endpoint as given in the console (although this threw the error "invalid endpoint") as well as to take in access key id and access key. However this didn't work either. Any suggestions?