0
votes

I'm trying to verify that I'm able to connect to my RDS database, but nothing is logged in the connection promise / callback. I was able to connect from my local machine, but not on AWS. I'm out of ideas on how else I can debug this as I've done everything I can find online.

I've verified that the RDS instance and Lambda function are in the same VPC, VPC security group, and subnets, as suggested by this question. For that VPC security group, I've added 0.0.0.0/0 and ::/0, and the inbound rules can be seen below: (image not available)

The RDS instance is set to be publicly accessible, and setting it to not publicly accessible doesn't make a difference. Below is the output I get from running the Lambda function.

START RequestId: 9567a1be-d8d1-4b61-b9c4-4dd06ff36a4b Version: $LATEST
2021-07-21T23:52:47.115Z    9567a1be-d8d1-4b61-b9c4-4dd06ff36a4b    INFO    Lambda invoked
END RequestId: 9567a1be-d8d1-4b61-b9c4-4dd06ff36a4b
REPORT RequestId: 9567a1be-d8d1-4b61-b9c4-4dd06ff36a4b  Duration: 52.71 ms  Billed Duration: 53 ms  Memory Size: 128 MB Max Memory Used: 71 MB  Init Duration: 193.40 ms

I'm using the pg code I got from the node-postgres documentation. I went through the Amazon tutorial for connecting a Lambda function to RDS, giving it a role with AWSLambdaVPCAccessExecutionRole (I didn't use the CLI as they have; I used the GUI on the website). I also read that the console object inside promises doesn't always return, so I've wrapped every promise in a try/catch block and still nothing is returned.

const {Client, Pool} = require('pg')

const pool = new Pool({
  user: 'myusername', 
  password: 'mypassword', 
  host: 'blahblah.somestuff.us-east-2.rds.amazonaws.com', 
  port: 5432, 
  database: 'postgres'
})

pool.on('error', (err, client) => {
  console.error('Unexpected error on idle client', err)
  process.exit(-1)
})


exports.handler = function(event, context) {
  console.log('Lambda invoked') // this logs just fine
  
  try {
    var client = pool.connect((err, client, done) => {
      if (err) throw err
      console.log('connected')
      try {
        client.query('SELECT * FROM users WHERE id = $1', [1], (err, res) => {
          done()
          console.log('query has run')
          if (err) {
            throw err;
            // console.log(err.stack)
          } else {
            console.log(res.rows[0])
          }
        })
      } catch(err) {
        throw err
      }
    })
  }
  catch(err) {
    console.warn(err)
  }
};

Node-postgres 6.4.2, PostgreSQL 12.6R1

1
Why does the log not show an error message? Your code seems to be catching all error situations. – John Rotenstein

1 Answer

0
votes

The proper configuration of the Security Groups would be:

  • A Security Group on the Lambda function (Lambda-SG) with default settings of Allow All Outbound
  • A Security Group on the Amazon RDS database (DB-SG) with an Inbound rule that permits traffic from Lambda-SG on port 5432 (for PostgreSQL)

That is, DB-SG specifically references Lambda-SG as permissible for inbound traffic. This is much cleaner than putting resources "in the same Security Group", which is an incorrect model because Security Groups apply to each resource individually.
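
As an added example (not part of the answer above), the following check audits a database security group against the model the answer describes: inbound on port 5432 only from Lambda-SG, with no 0.0.0.0/0 or ::/0 rule. The rule objects follow the `IpPermissions` shape of EC2 DescribeSecurityGroups output; the function names, the group IDs and the all-traffic protocol of the open rule are assumptions constructed for illustration.

```javascript
// Added example. Rule objects follow the shape of EC2 DescribeSecurityGroups
// output (IpPermissions); every group ID below is constructed.
const PG_PORT = 5432;

// True when the rule's port range includes `port` (IpProtocol "-1" = all traffic).
function coversPort(perm, port) {
  if (perm.IpProtocol === '-1') return true;
  if (perm.IpProtocol !== 'tcp') return false;
  return perm.FromPort <= port && port <= perm.ToPort;
}

// Audit the DB security group against the answer's model:
// inbound on `port` only from the Lambda function's security group.
function auditDbGroup(dbGroup, lambdaGroupId, port = PG_PORT) {
  const findings = [];
  let allowsLambda = false;
  for (const perm of dbGroup.IpPermissions || []) {
    if (!coversPort(perm, port)) continue;
    for (const r of perm.IpRanges || []) {
      if (r.CidrIp === '0.0.0.0/0') findings.push(`open to ${r.CidrIp}`);
    }
    for (const r of perm.Ipv6Ranges || []) {
      if (r.CidrIpv6 === '::/0') findings.push(`open to ${r.CidrIpv6}`);
    }
    for (const pair of perm.UserIdGroupPairs || []) {
      if (pair.GroupId === lambdaGroupId) allowsLambda = true;
    }
  }
  if (!allowsLambda) findings.push(`no rule referencing ${lambdaGroupId}`);
  return { compliant: findings.length === 0, findings };
}

// Constructed samples: a group opened to the world as in the question
// (protocol assumed to be "all traffic"), and the answer's DB-SG.
const LAMBDA_SG = 'sg-0aaaaaaaaaaaaaaaa';
const openGroup = { GroupId: 'sg-0bbbbbbbbbbbbbbbb', IpPermissions: [{
  IpProtocol: '-1',
  IpRanges: [{ CidrIp: '0.0.0.0/0' }], Ipv6Ranges: [{ CidrIpv6: '::/0' }],
  UserIdGroupPairs: [] }] };
const dbSg = { GroupId: 'sg-0cccccccccccccccc', IpPermissions: [{
  IpProtocol: 'tcp', FromPort: 5432, ToPort: 5432,
  IpRanges: [], Ipv6Ranges: [],
  UserIdGroupPairs: [{ GroupId: LAMBDA_SG }] }] };

console.log(auditDbGroup(openGroup, LAMBDA_SG));
console.log(auditDbGroup(dbSg, LAMBDA_SG));
```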