Ping Url or DNS Name From Lambda Function

0

I have a Lambda function, not running in a VPC, that does some simple HTTP, TCP, and ICMP health checks. The HTTP/S and TCP checks work just fine, however, when I try to ping a site or host name (like www.amazon.com or www.google.com), I get a Timed Out response. Is this because of the "statelessness" of ICMP and the reply ECHO responses simply aren't being allowed back through to the Lambda function? I don't want to run this in a VPC since the service is independent of other resources in the AWS account. Any ideas?

My code is as follows, and works running locally:

    // Needs System.Net.NetworkInformation (Ping, PingReply, IPStatus) and Newtonsoft.Json (JsonConvert).
    using (Ping Pinger = new Ping())
    {
        try
        {
            // Send one ICMP echo request and wait up to 500 ms for the reply.
            PingReply Reply = await Pinger.SendPingAsync(Path, 500);

            if (Reply.Status == IPStatus.Success)
            {
                Success = true;
                Message = $"[INFO] : {Path} via PING is up!";
            }
            else
            {
                Message = $"[ERROR] : {Path} via PING is down with status: {Reply.Status.ToString()}.";
            }
        }
        catch (Exception e)
        {
            Message = $"[ERROR] : {Path} via PING failed with an unexpected error:\r\n{JsonConvert.SerializeObject(e)}.";
        }
    }

asked 7 years ago · 6194 views

2 Answers
2

I'm going to answer my own question. From the FAQ https://aws.amazon.com/lambda/faqs/ :

"Lambda attempts to impose as few restrictions as possible on normal language and operating system activities, but there are a few activities that are disabled: Inbound network connections are blocked by AWS Lambda, and for outbound connections only TCP/IP sockets are supported, and ptrace (debugging) system calls are blocked. TCP port 25 traffic is also blocked as an anti-spam measure."

Digging a little deeper from this blog and GitHub page https://www.jethrocarr.com/, the Lambda OS kernel lacks the CAP_NET_RAW kernel capability to manipulate raw sockets.

So, you can't do ICMP or UDP from a Lambda function.

answered 7 years ago
1

AWS Lambda waived the restriction for UDP. The current FAQ documentation states:

Inbound network connections are blocked by AWS Lambda, and for outbound connections only TCP/IP and UDP/IP sockets are supported, and ptrace (debugging) system calls are blocked. TCP port 25 traffic is also blocked as an anti-spam measure.

answered 5 years ago
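
Added example, not part of the original posts and not AWS code: a C# sketch that reads the process's effective capability mask to confirm whether CAP_NET_RAW is present, then performs a TCP connect probe in place of the ICMP ping. The class and method names, and port 443, are assumptions; the host and the 500 ms timeout are taken from the question. A successful TCP connect shows that the port accepts connections, which is not the same signal as an ICMP echo reply.

```csharp
using System;
using System.Globalization;
using System.IO;
using System.Linq;
using System.Net.Sockets;
using System.Threading.Tasks;

public static class ReachabilityCheck // hypothetical name
{
    private const int CapNetRaw = 13; // CAP_NET_RAW bit index (linux/capability.h)

    // Parses the "CapEff:" line of /proc/self/status and tests the CAP_NET_RAW bit.
    public static bool HasNetRaw(string procStatus)
    {
        string line = procStatus.Split('\n')
            .FirstOrDefault(l => l.StartsWith("CapEff:", StringComparison.Ordinal));
        if (line == null) return false;
        ulong mask = ulong.Parse(line.Substring("CapEff:".Length).Trim(),
                                 NumberStyles.HexNumber, CultureInfo.InvariantCulture);
        return (mask & (1UL << CapNetRaw)) != 0;
    }

    // TCP connect probe: true only if the handshake completes within timeoutMs.
    public static async Task<bool> TcpProbeAsync(string host, int port, int timeoutMs)
    {
        using (var client = new TcpClient())
        {
            try
            {
                Task connect = client.ConnectAsync(host, port);
                if (await Task.WhenAny(connect, Task.Delay(timeoutMs)) != connect)
                {
                    // Timed out: observe any later fault so it is not left unhandled.
                    _ = connect.ContinueWith(t => t.Exception, TaskContinuationOptions.OnlyOnFaulted);
                    return false;
                }
                await connect; // rethrows SocketException on refusal or DNS failure
                return client.Connected;
            }
            catch (SocketException) { return false; }
        }
    }

    public static async Task Main()
    {
        const string statusPath = "/proc/self/status"; // present on Linux only
        bool rawOk = File.Exists(statusPath) && HasNetRaw(File.ReadAllText(statusPath));
        Console.WriteLine($"[INFO] : CAP_NET_RAW effective: {rawOk}");
        bool up = await TcpProbeAsync("www.amazon.com", 443, 500); // port is an assumption
        Console.WriteLine($"[{(up ? "INFO" : "ERROR")}] : www.amazon.com:443 via TCP is {(up ? "up" : "down")}.");
    }
}
```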
