Pushing to SQS through VPC Endpoint from lambda in private VPC fails


I have setup a private VPC where some lambda functions reside. Now I would like one of the lambdas to send messages to a SQS queue. For that I have created a VPC Endpoint to SQS.
The policy for the VPC endpoint allows everything for every user.
The policy for the SQS queue allows all SQS operations on the queue from everywhere.
The policy on the lambda function allows all SQS operations.
The Security Group of the VPC Endpoint allows all traffic on all protocols.

Everything is on eu-central-1.
The lambda that I want to send a messate to SQS times out here at the send_message call:

def send_message():
sqs_client = boto3.client("sqs", region_name="eu-central-1")

_message = {"key": "value"}_  
_response = sqs_client.send_message(_  
_print ("Response: ", response)_  

(Of course I have substituted the user-id and queue-name with the actual ones).
I have also tried all the DNS addresses that VPC Endpoint provides, but none work.

What have I missed?

asked 3 years ago2497 views
3 Answers


You should also have a look at the security groups for the Lambda function, and the Network ACL for the subnets that the function resides in.

answered 3 years ago

As of what I have understood, you are not required to add specific routes to the VPC Endpoint in the private subnets to get it working. Also, the Security Group is allowing all traffic on all protocols and ports.

The security group of the lambda function is allowing all outbound traffic.

answered 3 years ago

Oh, I had to set an inbound rule on the SG for the Lambda function that allows all traffic on all protocols and ports for the same SG that the VPC Endpoint had.

answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions