Ping Url or DNS Name From Lambda Function

0

I have a Lambda function, not running in a VPC, that does some simple HTTP, TCP, and ICMP health checks. The HTTP/S and TCP checks work just fine, however, when I try to ping a site or host name (like www.amazon.com or www.google.com), I get a Timed Out response. Is this because of the "statelessness" of ICMP and the reply ECHO responses simply aren't being allowed back through to the Lambda function? I don't want to run this in a VPC since the service is independent of other resources in the AWS account. Any ideas?

My code is as follows, and works running locally:

    using (Ping Pinger = new Ping())
    {
      try
        {
          PingReply Reply = await Pinger.SendPingAsync(Path, 500);

          if (Reply.Status == IPStatus.Success)
          {
            Success = true;
            Message = $"[INFO] : {Path} via PING is up!";
          }
          else
          {
            Message = $"[ERROR] : {Path} via PING is down with status: {Reply.Status.ToString()}.";
           }
         }
         catch (Exception e)
         {
           Message = $"[ERROR] : {Path} via PING failed with an unexpected error:\r\n{JsonConvert.SerializeObject(e)}.";
         }
       }
demandé il y a 7 ans6248 vues
2 réponses
2

I'm going to answer my own question. From the FAQ https://aws.amazon.com/lambda/faqs/ :

"Lambda attempts to impose as few restrictions as possible on normal language and operating system activities, but there are a few activities that are disabled: Inbound network connections are blocked by AWS Lambda, and for outbound connections only TCP/IP sockets are supported, and ptrace (debugging) system calls are blocked. TCP port 25 traffic is also blocked as an anti-spam measure."

Digging a little deeper from this blog and GitHub page https://www.jethrocarr.com/, the Lambda OS kernel lacks the CAP_NET_RAW kernel capability to manipulate raw sockets.

So, you can't do ICMP or UDP from a Lambda function.

répondu il y a 7 ans
1

AWS Lambda waived the restriction for UDP. The current FAQ documentation states:

Inbound network connections are blocked by AWS Lambda, and for outbound connections only TCP/IP and UDP/IP sockets are supported, and ptrace (debugging) system calls are blocked. TCP port 25 traffic is also blocked as an anti-spam measure.

répondu il y a 5 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions