0
votes

I am trying to create a Lambda function (Python 3.6) that will write some content to DynamoDB. Currently, I'm just trying to get a hello world going. However, my Lambda Function times out whenever I actually try to do something with dynamo beyond just connecting to the table. Can you please advise?

Here's some relevant info:

  • I have configured my Lambda to run in a VPC (this is a requirement, as it will ultimately be triggered by Alexa Skills Kit)
  • My lambda & dynamo are both in US-West2 (Oregon)
  • I have added AWSLambdaDynamoDBExecutionRole and AmazonDynamoDBFullAccess to the IAM role that is used by the Lambda function.

Note: I am relatively new to AWS, so please forgive me if I'm missing something obvious.

Here's the code:

import boto3

dynamodb = boto3.resource('dynamodb')
table = dynamodb.Table('some_table')

table.put_item(
    Item = {
        'person_id': 1,
        'msg': 'hello world'
    }
)

In the above code, the import, dynamodb, & table statements execute without issue. When I add the table.put_item call, I get a Task timed out message. The above code is based on https://boto3.readthedocs.io/en/latest/guide/dynamodb.html#using-an-existing-table

Thanks in advance for the help!

1
Alexa Skills Kit does not require the function to be in a VPC, so I'm not sure why you are saying it does. Your issue is due to the fact that you have placed the function in a VPC subnet without a NAT gateway or a DynamoDB VPC endpoint configured. Placing a Lambda function in a VPC has lots of drawbacks and shouldn't be done unless the function actually needs to access VPC resources. – Mark B
Thanks @MarkB - I added the VPC when I planned on pushing from Lambda to RDS and assumed that requirement held true for DynamoDB. I will try removing the VPC and seeing if things resolve themselves. – KingOfTheNerds
Thanks @MarkB - that solved it! – KingOfTheNerds

1 Answers

0
votes

If a lambda function is provisioned inside a VPC, it is up to you to provide connectivity to the DynamoDB AWS services.

For DynamoDB the simplest way is to create a VPC Endpoint for DynamoDB:

  1. This will create a private path for your VPC to communicate with DynamoDB
  2. It will also add a custom route on your main Route Table automatically

Procedure:

aws ec2 create-vpc-endpoint --vpc-id vpc-xxxxx --service-name com.amazonaws.us-east-2.dynamodb --route-table-ids rtb-xxxxx

Or you can execute the same procedure via the AWS Console.

Beware: If you've removed the security group default egress rule which allows all outgoing traffic, you need to add a security group outbound rule with destination the reference of the VPC Endpoint (i.e. pl-43a43c1).

After this, your Lambda function should be able to communicate with DynamoDB assuming it's attached to the correct VPC, on a subnet with proper routing (which includes the VPC endpoint route), and in a security group with access to the VPC Endpoint.

Example of code to use in your lambda function:

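import boto3

# Use HTTPS so requests to DynamoDB are not sent in cleartext.
# The region in the URL must be the region your table lives in.
dynamodb_client = boto3.client('dynamodb', endpoint_url="https://dynamodb.us-east-2.amazonaws.com")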