AWS Lambda Timeout when Triggered through Cloudwatch

0
votes

I have a lambda function that makes requests to external API which requires a static IP to whitelist. I have created a VPC with an assigned elastic IP to solve this.

The function works perfectly when testing on the AWS Lambda console but if triggered using EventBridge (CloudWatch Events), it always times out:

2020-10-01T11:12:29.219Z 012df4ee-bb1e-4821-b1a2-6c3396ca760b Task timed out after 720.00 seconds

I thought the issue was the VPC, but considering this works when I manually trigger it I think there may be an issue with how the function is being triggered by cloudwatch.

Has anyone had the problem before?

1
amazon-web-servicesaws-lambdaamazon-vpc
Does your function require access to any of aws services ? (public endpoints) - Traycho Ivanov
What do you mean by "with an assigned elastic IP"? What did you do with the Elastic IP address? - John Rotenstein
Does the function have the right permission to allow the event to invoke it? - nmcdonald
@TraychoIvanov Yes, it requires access to S3 and I have configured an endpoint to com.amazonaws.eu-west-2.s3. As mentioned, the function works when triggered manually - so I'm confused why it doesn't work when triggered by cloudwatch? - anthonyatp
@nmcdonald I assume so, as this has worked in the past. The function is being invoked, but it times out majority of the time. - anthonyatp

1 Answers

0
votes

It is not possible to assign an Elastic IP address to an AWS Lambda function.

Instead:

  • Create an Elastic IP address
  • Create a NAT Gateway or NAT Instance in a public subnet and configure the private subnet(s) to use the NAT Gateway/NAT Instance
  • Associate the Elastic IP address with the NAT Gateway/NAT Instance
  • Configure the Lambda function to connect to a private subnet

The Lambda function will then access the Internet via the NAT Gateway/NAT Instance, using the assigned Elastic IP address.

See: Give Internet Access to a Lambda Function in a VPC