1
votes

Is it possible to access a publicly available RDS instance from a Lambda expression in the same VPC, without using a NAT? Could you please point me in the right direction to configure this? Thanks.

RDS and Lambda have the same VPC, the same Subnets, the same Security group. The security group has 2 inbound rules:

  1. All Type - All Protocol - All Port Range - Source ALB security group
  2. All Type - All Protocol - All Port Range - Source security group itself

Is that correct?

2
Could you open VPC, then Edit DNS hostnames => enable DNS hostnames - TonyVo
The flag is already enabled. - Jumpa
I have just tested. RDS and Lambda in the same VPC (private) => it is able to connect to the RDS endpoint. Please check the SG of RDS. - TonyVo
Thanks for your time @TuanVA, I've edited my question. I'm surely doing something wrong with the security group; could you help me? - Jumpa

2 Answers

1
votes

The recommended configuration is:

  • Create a Security Group for the AWS Lambda function (Lambda-SG). It does not require any inbound rules.
  • Create a Security Group for the Amazon RDS db instance (DB-SG). It should allow an Inbound connection on the appropriate port (3306?) from Lambda-SG.

That is, DB-SG should specifically reference Lambda-SG as the source of the inbound connection.

0
votes

Turns out that the Lambda was timing out the RDS connection due to a callback deadlock, as explained here: https://stackoverflow.com/a/42619071/2373113. Another thing to notice is that traffic inside the same security group must be explicitly enabled in the rules.
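As an added example (not code from either answer), here is a small Python audit over data shaped like EC2 DescribeSecurityGroups output that checks the pattern the first answer recommends (DB-SG references Lambda-SG on the DB port) and the self-referencing rule the second answer mentions; the group IDs and rules are constructed samples, not real resources.

```python
"""Check a Lambda-to-RDS security-group setup against the answers above:
DB-SG must allow inbound on the DB port from Lambda-SG (Lambda-SG itself needs
no inbound rule), and a single shared SG only works if it references itself."""

DB_PORT = 3306  # MySQL/MariaDB default; use 5432 for PostgreSQL

def _rule_covers_port(rule, port):
    """True if an IpPermissions entry covers `port` (protocol -1 means all traffic)."""
    if rule.get("IpProtocol") == "-1":
        return True
    return rule.get("FromPort", -1) <= port <= rule.get("ToPort", -1)

def db_sg_allows_lambda(db_sg, lambda_sg_id, port=DB_PORT):
    """Does DB-SG have an inbound rule on `port` whose source is Lambda-SG?"""
    for rule in db_sg.get("IpPermissions", []):
        if not _rule_covers_port(rule, port):
            continue
        for pair in rule.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == lambda_sg_id:
                return True
    return False

def audit(groups, lambda_sg_id, db_sg_id, port=DB_PORT):
    """Return a list of findings; an empty list means the setup matches the answer."""
    by_id = {g["GroupId"]: g for g in groups}
    db_sg = by_id.get(db_sg_id)
    if db_sg is None:
        return [f"{db_sg_id}: security group not found"]
    findings = []
    if not db_sg_allows_lambda(db_sg, lambda_sg_id, port):
        findings.append(f"{db_sg_id}: no inbound rule on port {port} from {lambda_sg_id}")
    # A DB port open to the world is a separate, worse problem than a missing SG reference.
    for rule in db_sg.get("IpPermissions", []):
        if _rule_covers_port(rule, port) and any(
                r.get("CidrIp") == "0.0.0.0/0" for r in rule.get("IpRanges", [])):
            findings.append(f"{db_sg_id}: port {port} open to 0.0.0.0/0")
    return findings

# Constructed sample: the asker's single shared SG with an ALB rule and a self rule.
SHARED_SELF = [{"GroupId": "sg-shared", "IpPermissions": [
    {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-alb"}]},
    {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-shared"}]}]}]
# Constructed sample: same shared SG without the self rule, so Lambda and RDS cannot talk.
SHARED_NO_SELF = [{"GroupId": "sg-shared", "IpPermissions": [
    {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-alb"}]}]}]
# Constructed sample: the recommended split, Lambda-SG with no inbound and DB-SG referencing it.
SPLIT = [{"GroupId": "sg-lambda", "IpPermissions": []},
         {"GroupId": "sg-db", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306,
          "ToPort": 3306, "UserIdGroupPairs": [{"GroupId": "sg-lambda"}]}]}]
```

Feed it the `SecurityGroups` list from `aws ec2 describe-security-groups` for a live check; the same functions then flag a DB-SG that lacks the Lambda-SG reference.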