0
votes

My AWS Lambda function times out when it tries to connect to an RDS instance in another VPC. The VPCs are peered.

Things I have checked:

  • Lambda is inside the correct VPC
  • RDS is inside the other VPC
  • RDS exists in subnets that are peered
  • VPC Peering is "accepted"
  • Lambda security group has ingress permission on correct port (5432) to RDS security group
  • Lambda security group has egress permission to anywhere on any port
  • Route table entries exist from Lambda VPC subnets to peering
  • Route table entries exist from RDS VPC subnets to peering

What else can I check / leverage to fix this connectivity issue?


Update

  • DNS hostnames and DNS resolution are enabled for both VPCs

Update

I tried the following:

  • Create EC2 instance on same subnet as Lambda
  • Assign lambda SG to the EC2
  • SSH connect to EC2
  • telnet to RDS:

      telnet rds.xxxxxxxxxx.eu-west-2.rds.amazonaws.com 5432
      Trying 10.11.65.225...
      Connected to rds.xxxxxxxxxx.eu-west-2.rds.amazonaws.com.
      Escape character is '^]'.
      ^CConnection closed by foreign host.

So the EC2 can connect. Therefore the issue must be with the lambda.

What can I try next?

1
Are both VPCs in the same region or in different regions? - Jyothish Kumar S
Both VPCs are in the same region - sdgfsdh
I don't know what you mean by "referencing both security groups" but there is a SG rule to allow ingress from the lambda SG to the RDS SG - sdgfsdh
Ok. To exactly identify the issue, provide more information about your configuration. If possible, share screenshots of the SG & route table. Also you can try launching one EC2 instance in the same subnet (same subnet of Lambda). Use the Lambda security group for the EC2. From the EC2, telnet to RDS on port 5432. If telnet is working then you can ensure that VPC peering is working and then the issue might be with Lambda. - Jyothish Kumar S
@JyothishKumarS Thank you for your suggestion. Can confirm issue is with lambda - sdgfsdh

1 Answer

0
votes

The issue in my case (maybe yours too?) was that the query was timing out, not the connection attempt. You can test this by changing the query to SELECT 1 AS x or similar. The solution is to optimize the query so that it can run in reasonable time.

The trick of launching an EC2 with similar settings to the Lambda and connecting via SSH is a good one.
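To separate a connection timeout from a query timeout, as the answer above distinguishes, the phases can be timed individually. This is an added example, not part of the original question or answer; it uses only the Python standard library, and `probe`, `slowest_phase` and the `run_query` callable are hypothetical names introduced here.

```python
import socket
import time


def timed(label, fn, report):
    """Run fn(), record elapsed seconds or the error under report[label]."""
    start = time.monotonic()
    try:
        result = fn()
        report[label] = {"ok": True, "seconds": time.monotonic() - start}
        return result
    except Exception as exc:  # keep going so the report shows where it failed
        report[label] = {"ok": False, "seconds": time.monotonic() - start,
                         "error": f"{type(exc).__name__}: {exc}"}
        return None


def probe(host, port, run_query=None, connect_timeout=3.0):
    """Time DNS, TCP connect and (optionally) a query as separate phases.

    run_query is a hypothetical zero-argument callable supplied by the caller,
    e.g. one that executes "SELECT 1 AS x" with whatever driver the function uses.
    """
    report = {}
    addrs = timed("dns",
                  lambda: socket.getaddrinfo(host, port, type=socket.SOCK_STREAM),
                  report)
    if addrs:
        ip = addrs[0][4][0]
        sock = timed("tcp_connect",
                     lambda: socket.create_connection((ip, port), timeout=connect_timeout),
                     report)
        if sock:
            sock.close()
            if run_query is not None:
                timed("query", run_query, report)
    return report


def slowest_phase(report):
    """Name the phase that failed first, else the one that took longest."""
    for label, entry in report.items():
        if not entry["ok"]:
            return label
    return max(report, key=lambda label: report[label]["seconds"])
```

Logging the returned report from inside the Lambda handler shows whether the time went to name resolution, the TCP handshake across the peering connection, or the query itself.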