I am using the serverless framework to try and have my lambda function throw some records into an 'always on' Aurora RDS instance. So far I've been met with connect timeouts when using the mysql npm package and trying to connect to the RDS instance.
Here is what I've checked/tried:
- put the lambda function in the VPC in serverless.yml
- included the 3 subnets associated with that VPC in the yml
- specified the security group in the serverless.yml
- checked that there is an Aurora routing rule in that service group that allowed access to the service group itself
- added EC2 elastic interface IAM role statements
serverless.yml:
```yaml
service: myrds

provider:
  name: aws
  runtime: nodejs10.x
  stage: ${opt:stage, 'dev'}
  region: ${opt:region, 'us-east-2'}
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "ec2:CreateNetworkInterface"
        - "ec2:DescribeNetworkInterfaces"
        - "ec2:DeleteNetworkInterface"
      Resource: "*"
    - Effect: "Allow"
      Action:
        - "sqs:SendMessage"
        - "sqs:GetQueueUrl"
        - "sqs:ListQueues"
      Resource:
        Fn::GetAtt:
          - RDSQueue
          - Arn
    - Effect: "Allow"
      Action:
        - "sqs:SendMessage"
        - "sqs:GetQueueUrl"
        - "sqs:ListQueues"
      Resource:
        Fn::GetAtt:
          - DeadLetterQueue
          - Arn

functions:
  consumer:
    handler: handler.consumer
    timeout: 20
    vpc:
      securityGroupIds:
        - sg-123456
      subnetIds:
        - subnet-11111
        - subnet-22222
        - subnet-33333
    events:
      - sqs:
          arn:
            Fn::GetAtt:
              - RDSQueue
              - Arn
    environment:
      NODE_ENV: ${opt:stage, 'dev'}

resources:
  Resources:
    RDSQueue:
      Type: 'AWS::SQS::Queue'
      Properties:
        QueueName: "RDSQueue-${opt:stage, 'dev'}"
        RedrivePolicy:
          deadLetterTargetArn:
            "Fn::GetAtt":
              - DeadLetterQueue
              - Arn
          maxReceiveCount: 3
    DeadLetterQueue:
      Type: 'AWS::SQS::Queue'
      Properties:
        QueueName: "DeadLetterQueue-${opt:stage, 'dev'}"
```
What am I missing here? It's timing out on connect when it is triggered from the SQS queue.
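
The self-referencing security group rule from the checklist above can be verified mechanically. The following is an added example, not part of the original post: it inspects an object shaped like one entry of an EC2 `DescribeSecurityGroups` response and reports whether a group-reference ingress rule admits the Lambda's security group on the database port. Port 3306 (the MySQL default), the function names and the sample data are assumptions; CIDR rules, network ACLs and route tables are not evaluated.

```javascript
// Added example: looks for a group-reference ingress rule on the DB port.
// Input objects follow the shape of an EC2 DescribeSecurityGroups entry.
const DB_PORT = 3306; // assumption: Aurora MySQL on the default port

// True when the rule's protocol/port range covers `port`.
function portAllowed(perm, port) {
  if (perm.IpProtocol === '-1') return true; // "all traffic" rule
  return perm.IpProtocol === 'tcp' && perm.FromPort <= port && port <= perm.ToPort;
}

// Returns the ingress rules in `group` that admit `sourceGroupId` on `port`.
function ingressFromGroup(group, sourceGroupId, port = DB_PORT) {
  return (group.IpPermissions || []).filter(
    (perm) =>
      portAllowed(perm, port) &&
      (perm.UserIdGroupPairs || []).some((p) => p.GroupId === sourceGroupId)
  );
}

// Summarises the result for the Lambda's group against the DB's group.
function checkGroupIngress(dbGroup, lambdaGroupId, port = DB_PORT) {
  const rules = ingressFromGroup(dbGroup, lambdaGroupId, port);
  const found = rules.length > 0;
  return {
    groupRuleFound: found,
    detail: found
      ? `${dbGroup.GroupId} admits ${lambdaGroupId} on ${port}/tcp`
      : `no group-reference rule on ${dbGroup.GroupId} admits ${lambdaGroupId} on ${port}/tcp`,
  };
}

// Constructed sample: a group that references itself on 3306.
const selfReferencing = {
  GroupId: 'sg-123456',
  IpPermissions: [{ IpProtocol: 'tcp', FromPort: 3306, ToPort: 3306,
    UserIdGroupPairs: [{ GroupId: 'sg-123456' }], IpRanges: [] }],
};
// Constructed sample: same port, but only a CIDR source and no group reference.
const cidrOnly = {
  GroupId: 'sg-123456',
  IpPermissions: [{ IpProtocol: 'tcp', FromPort: 3306, ToPort: 3306,
    UserIdGroupPairs: [], IpRanges: [{ CidrIp: '203.0.113.0/24' }] }],
};

console.log(checkGroupIngress(selfReferencing, 'sg-123456'));
console.log(checkGroupIngress(cidrOnly, 'sg-123456'));
```

The same functions can be fed the live output of `aws ec2 describe-security-groups --group-ids <id>`, passing one element of its `SecurityGroups` array as `dbGroup`.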