AWS Lambda in VPC times out in Cognito Post Confirmation Trigger

0

I have a Cognito user pool and a lambda function in a VPC. That lambda function is hooked up to a 'Post confirmation Lambda trigger'.

The lambda function is a little Go function that is doing a call to Cognito itself to get some data regarding the just signed-up user. However, after calling CognitoIdentityProvider.AdminGetUser(....) my lambda function times out.

I tried to move the Lambda function out of the VPC, and it seems to work without problems. I am simply following the examples. However, the lambda function needs to be in the VPC since my RDS instance is also there, and I need to make connections to my RDS instance as well.

So to 'illustrate'.

User confirms email (through Cognito) -> Lambda in VPC gets triggered -> CognitoIdentityProvider.AdminGetUser() -> Times out.

Can someone maybe give me some insights on how I can make my lambda function work?

asked a year ago · 1364 views
1 Answer
1

Hi, @karljohn_peoples.

Your Lambda function probably can't reach Cognito's public endpoint.

Add a route from the subnet of VPC Lambda to the NAT Gateway and change it so that it can go outbound to the Internet, and check if it works.

If that works, you need to either secure an internet outbound route or add a VPC endpoint.

EXPERT
iwasa
answered a year ago
  • Thank you for your answer Iwasa, I just figured out that I could get all the data already actually from the event. I completely missed that.
