My Lambda function has exactly the same IAM permissions as an IAM user I created for testing purposes. When I configure the AWS CLI on my local computer to use the IAM user and execute the following command:

aws rds-data execute-statement --resource-arn "arn:aws:rds:eu-central-1:xxxxxxxxxxx:cluster:xxxxxxxxxxx" --database="test" --secret-arn "arn:aws:secretsmanager:eu-central-1:xxxxxxxxxxx:secret:databaseclusterdatabaseSecr-xxxxxxxxxxx" --sql "show databases;"

it succeeds and prints all databases as expected.

When I do the same thing inside my lambda:

const command = new ExecuteSqlCommand({
  dbClusterOrInstanceArn, // matches the value I used for the CLI command
  awsSecretStoreArn,      // matches the value I used for the CLI command
  sqlStatements: 'show databases;',
  database: 'test',
});

const result = await databaseClient.client.send(command);

I receive the following error:

{
   "name":"BadRequestException",
   "$fault":"client",
   "$metadata":{
      "httpStatusCode":400,
      "requestId":"74171357-0de6-4350-a776-d88a4ae748ac",
      "attempts":1,
      "totalRetryDelay":0
   }
}

Do I have to perform any additional network configurations in order for my lambda to be able to connect to my serverless database cluster? Do my lambda and my cluster need to be in the same VPC? If not, can someone point me in the right direction as to how I can debug this problem? Thanks a lot guys.
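One debugging step worth taking before looking at networking: the CLI subcommand `execute-statement` corresponds to the SDK v3 `ExecuteStatementCommand` (input fields `resourceArn`, `secretArn`, `sql`, `database`), not to `ExecuteSqlCommand`, which AWS documents as deprecated. The following is an added example, not code from the question: it validates the two ARNs strictly (a stray space such as the one that can creep in when copying `eu-central-1: xxxx` fails the check), builds the same input the CLI sends, and logs the full exception body instead of only the name and metadata. It assumes the real package `@aws-sdk/client-rds-data`, loaded lazily so the pure helpers run without it.

```javascript
// Added example (not from the question): map the working CLI invocation onto
// the SDK v3 ExecuteStatementCommand input and surface the whole error body.
// Assumes @aws-sdk/client-rds-data is installed where sendStatement() is called;
// the pure helpers below run without it.

// Strict ARN shape check: rejects whitespace and a non-numeric account field.
const ARN_RE = /^arn:aws[a-z-]*:(rds|secretsmanager):[a-z0-9-]+:\d{12}:\S+$/;

function buildExecuteStatementInput({ resourceArn, secretArn, sql, database }) {
  for (const [name, value] of Object.entries({ resourceArn, secretArn })) {
    if (typeof value !== 'string' || !ARN_RE.test(value)) {
      throw new Error(`${name} is not a well-formed ARN: ${JSON.stringify(value)}`);
    }
  }
  if (typeof sql !== 'string' || sql.trim() === '') {
    throw new Error('sql must be a non-empty string');
  }
  // Same fields the CLI flags map to: --resource-arn, --secret-arn, --sql, --database
  return { resourceArn, secretArn, sql, database };
}

// Flatten an SDK v3 service exception into the fields worth logging.
function describeSdkError(err) {
  const meta = err.$metadata || {};
  return {
    name: err.name,
    message: err.message, // the part missing from the question's error dump
    fault: err.$fault,
    status: meta.httpStatusCode,
    requestId: meta.requestId,
  };
}

async function sendStatement(input, region = 'eu-central-1') {
  // Lazy require so the helpers above stay usable without the SDK present.
  const { RDSDataClient, ExecuteStatementCommand } = require('@aws-sdk/client-rds-data');
  const client = new RDSDataClient({ region });
  try {
    return await client.send(new ExecuteStatementCommand(buildExecuteStatementInput(input)));
  } catch (err) {
    console.error(JSON.stringify(describeSdkError(err)));
    throw err;
  }
}
```

Call `sendStatement` from the Lambda handler with the same ARNs the CLI used; the Data API is reached over HTTPS, so the function only needs outbound access to the regional `rds-data` endpoint, not membership in the cluster's VPC.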