0
votes

I have an RDS MySQL instance running:

  1. It's assigned in the default VPC to all default subnets

  2. It has a security group with an inbound rule set to listen to all traffic, all protocols, all port ranges and source 0.0.0.0/0

  3. Publicly accessible is set to True

I am able to connect to RDS from SQL Workbench and also from a local Python script.

In my Python Lambda function:

  1. I have assigned a role with AWSLambdaVPCAccessExecutionRole, lambda_basic_execution

  2. Lambda is not assigned to any VPC

I get the following error message from Lambda: "errorMessage": "RequestId: xx Process exited before completing request"

The code fails at the point where it tries to connect to the DB, get_database_connection(), and the except block logs the message logger.error("ERROR: Unexpected error: Could not connect to MySql instance.")

Is it even possible for Lambda to connect to an RDS instance in the default VPC? Lambda is not assigned to any VPC.

Lambda Code

import sys
import logging
import package.pymysql
import package.pymysql.cursors

# Module-level logger used by the except block below
logger = logging.getLogger()
logger.setLevel(logging.INFO)
DATABASE_HOST = 'XXX'
DATABASE_USER = 'XXX'
DATABASE_PASSWORD = 'XXX'
DATABASE_DB_NAME = 'XXX'
port = 3306

def get_database_connection():
    "Build a database connection"
    conn = pymysql.connect(DATABASE_HOST, user=DATABASE_USER,
                           passwd=DATABASE_PASSWORD, db=DATABASE_DB_NAME, connect_timeout=5)
    return conn

try:
    conn = get_database_connection() 
except:
    logger.error("ERROR: Unexpected error: Could not connect to MySql instance.")
    sys.exit()
logger.info("SUCCESS: Connection to RDS mysql instance succeeded")    

def lambda_handler(event, context):
    print("Lambda executed")

I followed this link: https://docs.aws.amazon.com/lambda/latest/dg/vpc-rds-deployment-pkg.html

3
have a look at the code - user3036212

If you increase the timeout duration for your Lambda function, do you get a different result? (Maximum = 5 minutes, set it to at least 1 minute to allow for connection timeouts) - John Rotenstein

Could you modify this line except: to except Exception as error: and add another logger call right below it, logger.exception(error)? Then run the function again and you should be able to see the entire error stack trace in CloudWatch. Please post this trace here as well. As a 'side note' suggestion, never use this way of handling exceptions. Prefer making explicit which errors you're expecting, such as except KeyError as error:, or at least always log the error stack trace with logger.exception(). - Renato Byrro

@user3036212 awesome, glad it helped! Good luck with your project. When you have some time, take a moment and try to help others here as well with stuff you already have some knowledge of; you don't need to be an expert ;) - Renato Byrro

3 Answers

0
votes

What you need to do is this:

Create 2 private subnets for the default VPC

xxx.xxx.64.0/20
xxx.xxx.128.0/20

Go to your Lambda function in the console.

Scroll down and on the left hand side select the default VPC.

Select the 2 private subnets as your subnets on your Lambda function.

0
votes

Yes, your Lambda is not in a VPC, so the instance can't contact the public RDS instance. Follow this documentation to provide your Lambda function with internet "functionality":

https://aws.amazon.com/it/premiumsupport/knowledge-center/internet-access-lambda-function/

0
votes
  • There is a lot of documentation that says to have 2 private subnets for Lambda in your VPC and have an internet connection using a NAT gateway, etc.
  • Actually, I was able to connect to RDS in the default VPC directly from Lambda (without placing it in private subnets). The issue was that I had imported the pymysql file inside of the package folder, so I was getting
    that connection Timeout error.
  • I just had to prefix package in front of pymysql (package.mysql)
    except Exception as error: did the trick for me
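
Why the bare `except:` in the question reports a connection failure whatever the cause, and what the `except Exception as error:` / `logger.exception` change from the comments exposes. This is an added example, not code from the thread: the `package/pymysql` stub, the host names `db.example` and `unreachable.example`, and all function names are constructed for the illustration.

```python
import logging
import sys
import tempfile
from pathlib import Path

logger = logging.getLogger("lambda_init")

# Constructed stand-in for the vendored driver; NOT the real PyMySQL.
STUB_DRIVER = '''
class OperationalError(Exception):
    pass
def connect(host, connect_timeout=5):
    if host == "unreachable.example":
        raise OperationalError("timed out")
    return "connection to " + host
'''

def make_vendored_layout():
    root = Path(tempfile.mkdtemp())
    (root / "package" / "pymysql").mkdir(parents=True)
    (root / "package" / "__init__.py").write_text("")
    (root / "package" / "pymysql" / "__init__.py").write_text(STUB_DRIVER)
    sys.path.insert(0, str(root))  # same layout as a zip with package/pymysql/

def posted_attempt(host):
    import package.pymysql  # binds the name 'package' only
    return pymysql.connect(host, connect_timeout=5)  # 'pymysql' is unbound

def prefixed_attempt(host):
    import package.pymysql
    return package.pymysql.connect(host, connect_timeout=5)

def masked(attempt, host):
    """Bare except, as in the question: every failure looks like a network problem."""
    try:
        attempt(host)
        return "SUCCESS"
    except:  # deliberately bare, to reproduce the masking
        return "ERROR: Unexpected error: Could not connect to MySql instance."

def diagnosed(attempt, host):
    """except Exception + logger.exception: the real exception class is visible."""
    try:
        attempt(host)
        return "ok"
    except Exception as error:
        logger.exception(error)  # full traceback in the log (CloudWatch on Lambda)
        return type(error).__name__

make_vendored_layout()
```

With the imports as posted, `diagnosed` reports a `NameError` even for a reachable host, while a genuine network failure surfaces as the driver's own `OperationalError`, so the two cases can be told apart in the log.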