How to make Lambda connect to DocumentDB

0

I made a lambda function that needs to connect to my DocumentDB Cluster.

I created a security group for lambda to allow outbound 0.0.0.0/0. Then, I edited the VPC settings selecting my default VPC, 2 subnets, and the above security group. Note that the subnets are both public.

Then I modified the DocumentDB security group to allow inbound on 27017 from the lambda security group.

Still I am getting a timeout.

I read somewhere that the subnets need to be private, but I only have public subnets. Should I create 2 new private ones for this purpose only?

Any other useful suggestion?

thanks M

1 Answer
0

Hello,

  • Is the DocumentDB in the same default VPC?
  • I assume you didn't touch the NACLs or the default route tables?
  • Normally you should have connectivity between all subnets of a VPC by default. So it doesn't matter if the subnets are public or not (for prod, it is highly recommended to use private subnets for obvious security reasons).
  • If you don't find the issue, maybe you could try to connect with an EC2 instance by following this guide: https://docs.aws.amazon.com/documentdb/latest/developerguide/connect-ec2.html
AWS
Vincent
answered a year ago
  • Hello Vincent,

    DocumentDB is in the same VPC as lambda and my EC2s.

    I didn't touch NACLs or route tables. Note that the EC2s, ELB and ASG were made using Elastic Beanstalk.

    I am already able to connect to DocumentDB from my EC2s.

    DocumentDB is in a public subnet, should I move it to a private one? I don't remember seeing this option when I created the cluster.

    Thanks for your help.

  • Is your Lambda launched in the same subnet as your EC2 and using the same security groups? Does your Lambda have the right IAM permissions?

  • Update: I just found out that I can connect to DocumentDB if my lambda is in either a public or a private subnet. It just needs to be in a subnet. Does that mean that DocumentDB is in a public subnet too? Do you think this configuration is secure?

    thanks
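
The security-group setup discussed in this thread (Lambda group with outbound 0.0.0.0/0, DocumentDB group with inbound 27017 from the Lambda group) can be checked offline. The following is an added example, not code from any poster: it evaluates rules shaped like the output of `describe_security_groups`, and the group IDs and IP addresses are constructed placeholders.

```python
import ipaddress

def covers_port(rule, port):
    """True if an IpPermissions entry covers TCP `port` ("-1" means all traffic)."""
    if rule["IpProtocol"] == "-1":
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def peer_allowed(rule, peer_sg_id, peer_ip):
    """True if the rule names the peer's security group or a CIDR holding its IP."""
    if any(p["GroupId"] == peer_sg_id for p in rule.get("UserIdGroupPairs", [])):
        return True
    ip = ipaddress.ip_address(peer_ip)
    return any(ip in ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", []))

def check_path(src_sg, src_ip, dst_sg, dst_ip, port=27017):
    """Check source egress, target ingress, and whether the target port is world-open.

    Security groups are stateful, so return traffic needs no separate rule.
    """
    return {
        "egress": any(covers_port(r, port) and peer_allowed(r, dst_sg["GroupId"], dst_ip)
                      for r in src_sg["IpPermissionsEgress"]),
        "ingress": any(covers_port(r, port) and peer_allowed(r, src_sg["GroupId"], src_ip)
                       for r in dst_sg["IpPermissions"]),
        "internet_exposed": any(
            covers_port(r, port)
            and any(c["CidrIp"] == "0.0.0.0/0" for c in r.get("IpRanges", []))
            for r in dst_sg["IpPermissions"]),
    }

# Constructed sample data mirroring the rules described in the question.
LAMBDA_SG = {"GroupId": "sg-lambda-example",
             "IpPermissions": [],
             "IpPermissionsEgress": [{"IpProtocol": "-1",
                                      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
DOCDB_SG = {"GroupId": "sg-docdb-example",
            "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
                               "UserIdGroupPairs": [{"GroupId": "sg-lambda-example"}]}],
            "IpPermissionsEgress": []}

if __name__ == "__main__":
    # Constructed private addresses inside the default VPC range 172.31.0.0/16.
    print(check_path(LAMBDA_SG, "172.31.20.7", DOCDB_SG, "172.31.10.5"))
```

A clean result here only clears the security groups; NACLs, route tables and whether the function is actually attached to the VPC still need to be checked separately.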
