Timeout error accesing MySql RDS from a Lambda function



I have a problem connecting from a lambda function with a RDS MySql database.
I try to follow the tutorial http://docs.aws.amazon.com/lambda/latest/dg/vpc.html , but when I try to connect with the database, the lambda function return allways a timeout error. I have tried with several roles and security groups... but I have achieved nothing.
I think I'm doing something wrong... please help me.

I have a function for test:

//loading required modules;
console.log('Loading function');
var mysql= require('mysql');
//This handler will invok after receiving the event with username,password and status
module.exports.testeo = function(event, context, callback) {
	var conn = mysql.createConnection({
	  host     : 'xxxxxxx.eu-west-1.rds.amazonaws.com',
	  user     : 'xxxxxxx',
	  password : 'xxxxxxx',
	  database : 'xxxxxxx'
	conn.connect(function(err) {  // creating database connection
  		if (err) {
	    console.error('error connecting: ' + err.stack); // on error
	    console.log('connected as id ' + conn.threadId);

In the lambda funtion I have this configuration:

  • Role: miclub-beta-eu-west-1-lambdaRole (with policies: AmazonLambdaVPCAccessExecutionRole, AmazonRDSFullAccess, AmazonRDSDirectoryServiceAccess)
  • VPC: vpc-c84ec6af(
  • Subnets: subnet-9e7af9f9 ( | eu-west-1a ; subnet-ecba31a5 ( | eu-west-1b ; subnet-4700cf1c ( | eu-west-1c
  • Security groups: sg-1626b96e (default) (Inbound rules: ports: All sources: sg-1626b96e; Outbound: Ports: All destination:

In the RDS Instance I have this configuration:

  • Multi-AZ Deployment: No
  • Security group: default (sg-1626b96e) (vpc-c84ec6af)
  • Publicly Accesible: Yes
  • Enable IAM DB Authentication: No

I can access to the RDS from external IPs without problems... but I can't access from lambda functions.
Please... what is wrong?

asked 5 years ago856 views
2 Answers

I solved it following the page: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html

I have created a new VPC Security group (for using in the lambda functions). For this group I have added a inbound rule (I accept ALL TRAFFIC for source (all the VPC)).

I have added an inbound and an outbound rules in the VPC Security group of the RDS, in inbound accepting ALL TRAFFIC for source of the other security group (the group created for lambda).. and in outbound accepting ALL TRAFFIC for destination of the other security group.

answered 5 years ago

Thank you, this works!

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions