Timeout error accessing MySQL RDS from a Lambda function

0

Hi,

I have a problem connecting from a Lambda function to an RDS MySQL database.
I tried to follow the tutorial http://docs.aws.amazon.com/lambda/latest/dg/vpc.html, but when I try to connect to the database, the Lambda function always returns a timeout error. I have tried with several roles and security groups... but I have achieved nothing.
I think I'm doing something wrong... please help me.

I have a function for test:

// Load required modules
console.log('Loading function');
var mysql = require('mysql');

// This handler is invoked after receiving the event with username, password and status
module.exports.testeo = function(event, context, callback) {
	var conn = mysql.createConnection({
		host     : 'xxxxxxx.eu-west-1.rds.amazonaws.com',
		user     : 'xxxxxxx',
		password : 'xxxxxxx',
		database : 'xxxxxxx'
	});
	conn.connect(function(err) { // create the database connection
		if (err) {
			console.error('error connecting: ' + err.stack); // on error
			return callback(err); // report the failure to Lambda
		}
		console.log('connected as id ' + conn.threadId);
		// Close the connection so the event loop can drain, then finish the invocation
		conn.end(function() {
			callback(null, 'connected');
		});
	});
	console.log("ok"); // logged before the connection attempt completes
};

In the Lambda function I have this configuration:

  • Role: miclub-beta-eu-west-1-lambdaRole (with policies: AmazonLambdaVPCAccessExecutionRole, AmazonRDSFullAccess, AmazonRDSDirectoryServiceAccess)
  • VPC: vpc-c84ec6af(172.30.0.0/16)
  • Subnets: subnet-9e7af9f9 (172.30.0.0/24) | eu-west-1a ; subnet-ecba31a5 (172.30.1.0/24) | eu-west-1b ; subnet-4700cf1c (172.30.0.0/24) | eu-west-1c
  • Security groups: sg-1626b96e (default) (Inbound rules: ports: All sources: sg-1626b96e; Outbound: Ports: All destination: 0.0.0.0/0)

In the RDS Instance I have this configuration:

  • Multi-AZ Deployment: No
  • Security group: default (sg-1626b96e) (vpc-c84ec6af)
  • Publicly Accessible: Yes
  • Enable IAM DB Authentication: No

I can access the RDS from external IPs without problems... but I can't access it from Lambda functions.
Please... what is wrong?

70n1
asked 7 years ago, 2911 views
2 Answers
1

I solved it following the page: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html

I have created a new VPC security group (for use in the Lambda functions). For this group I have added an inbound rule (I accept ALL TRAFFIC for source 172.30.0.0/16 (all the VPC)).

I have added an inbound and an outbound rule in the VPC security group of the RDS: the inbound rule accepts ALL TRAFFIC from the other security group (the group created for Lambda), and the outbound rule accepts ALL TRAFFIC to the other security group.

70n1
answered 7 years ago
EXPERT
reviewed 4 months ago
  • I created an account here just to thumbs up this solution. It solved my problem. But I did it slightly differently: I just changed the inbound rule of the RDS to accept all IPv4 and IPv6. I didn't even use a security group for my Lambda function.
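
The inbound rules described in the answer and the comment above, checked by an added example that is not part of the original posts: it reads rules in the shape of the EC2 DescribeSecurityGroups response and reports whether the database group admits the Lambda group by reference and whether port 3306 is open to any address. The group id and all three rule sets are constructed.

```javascript
// Added example. Field names follow the EC2 DescribeSecurityGroups response;
// every group id and rule below is constructed sample data.
const MYSQL_PORT = 3306;
const LAMBDA_SG = 'sg-0lambdaexample'; // hypothetical id of the Lambda function's group

// True when a permission entry covers the port ("-1" means all protocols and ports).
function coversPort(perm, port) {
  if (perm.IpProtocol === '-1') return true;
  return perm.IpProtocol === 'tcp' && perm.FromPort <= port && port <= perm.ToPort;
}

// Audits the database group's inbound rules for the Lambda -> MySQL path.
// Only group references and world-open CIDRs are evaluated; narrower CIDRs are ignored.
function auditDbIngress(dbGroup, lambdaSgId, port = MYSQL_PORT) {
  const result = { viaGroupRef: false, worldOpen: false, findings: [] };
  for (const perm of dbGroup.IpPermissions || []) {
    if (!coversPort(perm, port)) continue;
    const groups = (perm.UserIdGroupPairs || []).map((p) => p.GroupId);
    const cidrs = [
      ...(perm.IpRanges || []).map((r) => r.CidrIp),
      ...(perm.Ipv6Ranges || []).map((r) => r.CidrIpv6),
    ];
    if (groups.includes(lambdaSgId)) {
      result.viaGroupRef = true;
      if (perm.IpProtocol === '-1') {
        result.findings.push(`all traffic allowed from ${lambdaSgId}; tcp/${port} is sufficient`);
      }
    }
    for (const cidr of cidrs.filter((c) => c === '0.0.0.0/0' || c === '::/0')) {
      result.worldOpen = true;
      result.findings.push(`port ${port} reachable from ${cidr}`);
    }
  }
  if (!result.viaGroupRef && !result.worldOpen) {
    result.findings.push(`no inbound rule admits ${lambdaSgId} on port ${port}`);
  }
  return result;
}

// Constructed inbound rule sets: the answer's rule, the comment's rule, a port-scoped rule.
const SAMPLES = {
  answer: { IpPermissions: [{ IpProtocol: '-1', UserIdGroupPairs: [{ GroupId: LAMBDA_SG }] }] },
  comment: { IpPermissions: [{ IpProtocol: '-1', IpRanges: [{ CidrIp: '0.0.0.0/0' }],
    Ipv6Ranges: [{ CidrIpv6: '::/0' }] }] },
  scoped: { IpPermissions: [{ IpProtocol: 'tcp', FromPort: 3306, ToPort: 3306,
    UserIdGroupPairs: [{ GroupId: LAMBDA_SG }] }] },
};
for (const [name, group] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(auditDbIngress(group, LAMBDA_SG)));
}
```

The `scoped` rule set is the only one that produces no findings: it admits the Lambda group by reference and limits the rule to tcp/3306.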

0

Thank you, this works!

answered 4 years ago
