Timeout error accesing MySql RDS from a Lambda function

0

Hi,

I have a problem connecting from a lambda function with a RDS MySql database.
I try to follow the tutorial http://docs.aws.amazon.com/lambda/latest/dg/vpc.html , but when I try to connect with the database, the lambda function return allways a timeout error. I have tried with several roles and security groups... but I have achieved nothing.
I think I'm doing something wrong... please help me.

I have a function for test:

//loading required modules;
console.log('Loading function');
var mysql= require('mysql');
//This handler will invok after receiving the event with username,password and status
module.exports.testeo = function(event, context, callback) {
	var conn = mysql.createConnection({
	  host     : 'xxxxxxx.eu-west-1.rds.amazonaws.com',
	  user     : 'xxxxxxx',
	  password : 'xxxxxxx',
	  database : 'xxxxxxx'
	});
	conn.connect(function(err) {  // creating database connection
  		if (err) {
	    console.error('error connecting: ' + err.stack); // on error
		return;
		}
	    console.log('connected as id ' + conn.threadId);
	});
console.log("ok");	   
};

In the lambda funtion I have this configuration:

  • Role: miclub-beta-eu-west-1-lambdaRole (with policies: AmazonLambdaVPCAccessExecutionRole, AmazonRDSFullAccess, AmazonRDSDirectoryServiceAccess)
  • VPC: vpc-c84ec6af(172.30.0.0/16)
  • Subnets: subnet-9e7af9f9 (172.30.0.0/24) | eu-west-1a ; subnet-ecba31a5 (172.30.1.0/24) | eu-west-1b ; subnet-4700cf1c (172.30.0.0/24) | eu-west-1c
  • Security groups: sg-1626b96e (default) (Inbound rules: ports: All sources: sg-1626b96e; Outbound: Ports: All destination: 0.0.0.0/0)

In the RDS Instance I have this configuration:

  • Multi-AZ Deployment: No
  • Security group: default (sg-1626b96e) (vpc-c84ec6af)
  • Publicly Accesible: Yes
  • Enable IAM DB Authentication: No

I can access to the RDS from external IPs without problems... but I can't access from lambda functions.
Please... what is wrong?

70n1
질문됨 7년 전2815회 조회
2개 답변
1

I solved it following the page: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html

I have created a new VPC Security group (for using in the lambda functions). For this group I have added a inbound rule (I accept ALL TRAFFIC for source 172.30.0.0/16 (all the VPC)).

I have added an inbound and an outbound rules in the VPC Security group of the RDS, in inbound accepting ALL TRAFFIC for source of the other security group (the group created for lambda).. and in outbound accepting ALL TRAFFIC for destination of the other security group.

70n1
답변함 7년 전
profile picture
전문가
검토됨 4달 전
  • I created an account here just to thumbs up this solution. It solved my problem. But I did it slightly different: I just changed the inbound rule of the RDS to accept all IPv4 and IPv6. I didn't even use a security group for my Lambda Function

0

Thank you, this works!

답변함 4년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠