I have a CloudWatch Events Rule that periodically invokes an AWS Lambda. This Lambda attempts to pull a message from an AWS SQS queue using the receiveMessage SDK method. Then, if there is a message, it invokes an AWS Step Function. This process works when invoked locally. However, when CloudWatch triggers it, I receive the error "Client network socket disconnected before secure TLS connection was established". See my code below:

const AWS = require('aws-sdk')

module.exports.triggerStepFunction = () => {
  let sqs = new AWS.SQS({apiVersion: '2012-11-05'})

  let params = {
    QueueUrl: 'my_endpoint',
    AttributeNames: [
      'All'
    ],
    MessageAttributeNames: [
      'All'
    ],
    MaxNumberOfMessages: 1,
    ReceiveRequestAttemptId: Date.now().toString(),
    VisibilityTimeout: 10,
    WaitTimeSeconds: 6
  }
  sqs.receiveMessage(params, function(err, receiveMessageData) {
    if (err) {
      return err
    } else {
      return receiveMessageData
    }
  })
}

What is happening and how do I fix it?

1 Answer

It looks like the solution was to create a new IAM role with proper permissions and attach that to the Lambda. I'm using Serverless, so I added the following to my serverless.yml file and attached it to the Lambda:

resources:
  Resources:
    SQSLambdaRole: 
      Type: AWS::IAM::Role
      Properties: 
        AssumeRolePolicyDocument: 
          Version: '2012-10-17'
          Statement: 
          - Effect: Allow
            Principal: 
              Service: lambda.amazonaws.com
            Action: 
            - sts:AssumeRole
        Path: '/'
        Policies: 
        - PolicyName: logs
          PolicyDocument: 
            Statement: 
            - Effect: Allow
              Action: 
              - logs:CreateLogGroup
              - logs:CreateLogStream
              - logs:PutLogEvents
              Resource: arn:aws:logs:*:*:*
        - PolicyName: sqs
          PolicyDocument: 
            Statement: 
            - Effect: Allow
              Action: 
              - sqs:ReceiveMessage
              - sqs:SendMessage
              - sqs:DeleteMessage
              Resource: <MY_SQS_RESOURCE_ARN>
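
The handler in the question returns the SDK error from inside the callback, where nothing reads it, so a failed receiveMessage leaves no trace in the function's logs. The following is an added example, not code from the question or the answer: a handler that awaits the call, logs the error class, and rethrows, so a permission denial and a network failure can be told apart. It assumes AWS SDK for JavaScript v2; the QUEUE_URL environment variable and the helper names classifySqsError and pollQueue are hypothetical.

```javascript
// Added example, not the poster's code. Assumes AWS SDK for JavaScript v2.
// QUEUE_URL and the helper names below are hypothetical.

// Sort an SDK error into a coarse class so one log line separates IAM from network faults.
function classifySqsError(err) {
  const code = err && err.code
  if (code === 'AccessDenied' || (err && err.statusCode === 403)) return 'permission'
  if (code === 'NetworkingError' || code === 'TimeoutError') return 'network'
  return 'other'
}

// Receive at most one message; log a structured record and rethrow on failure
// so the invocation is marked failed instead of ending silently.
async function pollQueue(sqs, queueUrl) {
  if (!queueUrl) throw new Error('queue URL is not configured')
  const params = {
    QueueUrl: queueUrl,
    MaxNumberOfMessages: 1,
    VisibilityTimeout: 10,
    WaitTimeSeconds: 6
  }
  try {
    const data = await sqs.receiveMessage(params).promise()
    return data.Messages || [] // the SDK omits Messages when the queue is empty
  } catch (err) {
    console.error(JSON.stringify({
      source: 'sqs.receiveMessage',
      kind: classifySqsError(err),
      code: err.code,
      statusCode: err.statusCode,
      message: err.message
    }))
    throw err
  }
}

// Lambda entry point: an async handler, so Lambda waits for the SQS call to settle.
async function triggerStepFunction() {
  const AWS = require('aws-sdk') // loaded here so the helpers above run without the SDK
  const sqs = new AWS.SQS({ apiVersion: '2012-11-05' })
  const messages = await pollQueue(sqs, process.env.QUEUE_URL)
  return { received: messages.length }
}

if (typeof module !== 'undefined') module.exports = { triggerStepFunction }
```

With the role from the answer attached, a remaining "permission" record in the logs points at the policy's Action or Resource entries, while a "network" record points at connectivity between the function and the SQS endpoint.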