TS Lambda in VPC cannot publish to IoT Core


Here is the relevant code in the lambda:

import { APIGatewayProxyEvent, APIGatewayProxyResult } from 'aws-lambda';
import AWS from 'aws-sdk';

/**
 * @param {Object} event - API Gateway Lambda Proxy Input Format
 * @returns {Object} object - API Gateway Lambda Proxy Output Format
 */
export const lambdaHandler = async (
    event: APIGatewayProxyEvent
): Promise<APIGatewayProxyResult> => {

    try {
        let body: any = { message: "No matching route" }
        let routeKey = event.path

        if (routeKey === "/iot-test") {

            // Data-plane endpoint, as returned by:
            // aws iot describe-endpoint --endpoint-type iot:Data-ATS
            const iotdata = new AWS.IotData({
                endpoint: 'my IoT endpoint f5'
            })

            const params = {
                topic: "test/lambda",
                payload: "POC lambda reaching IOT topic"
            }

            // Use .promise() so that await actually waits for the publish.
            // Passing a callback instead returns an AWS.Request immediately,
            // so await resolves at once and the result (or error) is lost.
            let res = await iotdata.publish(params).promise()
            body = { message: "Successfully published", res }
        }

        // Always return a proxy-format response; API Gateway treats a missing
        // return value as a malformed response.
        return {
            statusCode: 200,
            headers: {
                "Access-Control-Allow-Origin": "*",
            },
            body: JSON.stringify(body)
        }
    } catch (error) {
        console.error('Error occurred during iot:', error);
        return {
            statusCode: 500,
            headers: {
                "Access-Control-Allow-Origin": "*",
            },
            body: JSON.stringify({
                error: 'Error completing request',
                // Error objects serialize to {} under JSON.stringify, so send the text
                message: String(error)
            })
        }
    }
}
The lambda is in VPC "a1" in security group "b1" with subnets d1,d2,d3. It has a role with IoT full access. I have created a VPC endpoint in VPC a1 in security group b1 with subnets d1,d2,d3. The main DNS name from that endpoint is e5. Then, I have created a private hosted zone in Route53 and made the hosted zone name my AWS IoT endpoint f5 (retrieved via: aws iot describe-endpoint --endpoint-type iot:Data-ATS). Then I created a record, left out the domain name (so it would use the hosted zone name), set the type to A, value/route traffic to Alias to VPC endpoint, selected the correct region, and put in the VPC endpoint DNS name (e5), then created the record. When I point my lambda to my AWS IoT endpoint f5 and hit the correct route, it just hangs and gives me no feedback (Postman -> API Gateway -> Lambda) even though it is in a try-catch, indicating that something is just hanging.

I have gone over this connection a few times making sure I have the endpoints in the right places, that I can hit the lambda in the route normally and get a test string back, but I am not sure what else to try and have been blocked for a few days now.

Would appreciate any insight and can answer any questions as well, thanks!

1 Answer

Hi Ben, I had a few questions.

  1. Can you share the CloudWatch Logs output from the Lambda?
  2. I don't see an else or else-if in your code. Can you add one just for debugging purposes with a console.error statement to see if you do end up dropping into that block?
answered 8 months ago
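The original handler has two problems that together produce "no feedback": `await` on a callback-style `publish()` returns immediately with an `AWS.Request` rather than waiting, and a blocked connection to the IoT data endpoint (wrong VPC endpoint, security group, or private DNS) simply runs until the Lambda is killed, so the try-catch never fires. The following is an added example, not code from the question or the answer: the handler takes the IoT client as a parameter, bounds each publish with a timeout, and always returns a proxy-format response, including the else branch the answer asks for. The `IotPublisher` interface mirrors the aws-sdk v2 shape `iotData.publish(params).promise()`; in the real Lambda you would pass `new AWS.IotData({ endpoint })` (the endpoint value, route path and `5000` ms default are assumptions). The two fake clients at the end are constructed for offline use only.

```typescript
// Added example (not the poster's code). Publishes to IoT Core through an
// injected client with a bounded timeout and always returns a response.

export interface PublishParams {
  topic: string;
  payload: string;
  qos?: 0 | 1;
}

// Minimal subset of AWS.IotData used here, so the handler can run offline.
export interface IotPublisher {
  publish(params: PublishParams): { promise(): Promise<unknown> };
}

export interface ProxyResult {
  statusCode: number;
  headers: Record<string, string>;
  body: string;
}

const CORS: Record<string, string> = { "Access-Control-Allow-Origin": "*" };

// Race the SDK promise against a timer so a connection that never completes
// becomes an error the handler can log and return, instead of an invisible
// hang that ends only when the Lambda itself times out.
export async function publishWithTimeout(
  client: IotPublisher,
  params: PublishParams,
  timeoutMs: number
): Promise<unknown> {
  let timer: ReturnType<typeof setTimeout> | undefined;
  const timeout = new Promise<never>((_, reject) => {
    timer = setTimeout(
      () => reject(new Error(`publish to ${params.topic} timed out after ${timeoutMs} ms`)),
      timeoutMs
    );
  });
  try {
    return await Promise.race([client.publish(params).promise(), timeout]);
  } finally {
    if (timer !== undefined) clearTimeout(timer); // do not keep the event loop alive
  }
}

// Build the handler around a client; timeoutMs (assumed default) should be
// shorter than the Lambda's own configured timeout so the error is returned.
export function makeHandler(client: IotPublisher, timeoutMs = 5000) {
  return async (event: { path?: string }): Promise<ProxyResult> => {
    if (event.path !== "/iot-test") {
      // The else branch: unmatched routes are logged and answered, not dropped.
      console.error("Unhandled route", event.path);
      return { statusCode: 404, headers: CORS, body: JSON.stringify({ error: "Unknown route" }) };
    }
    try {
      const res = await publishWithTimeout(
        client,
        { topic: "test/lambda", payload: "POC lambda reaching IOT topic" },
        timeoutMs
      );
      return { statusCode: 200, headers: CORS, body: JSON.stringify({ message: "Successfully published", res }) };
    } catch (error) {
      // This is the line to look for in CloudWatch Logs.
      console.error("Error occurred during iot publish", error);
      const message = error instanceof Error ? error.message : String(error);
      return { statusCode: 504, headers: CORS, body: JSON.stringify({ error: "Error completing request", message }) };
    }
  };
}

// Constructed fake clients (not real IoT Core): one answers, one never does,
// which is what a blocked connection looks like from the handler's side.
export const respondingClient: IotPublisher = {
  publish: () => ({ promise: () => Promise.resolve({}) }),
};
export const hangingClient: IotPublisher = {
  publish: () => ({ promise: () => new Promise<unknown>(() => {}) }),
};
```

With the hanging client the handler returns a 504 with the timeout message after the configured delay, so Postman gets a concrete answer and CloudWatch Logs carry the error line the answer asks for, which is the first thing to check before looking further at the VPC endpoint, security group and private hosted zone settings.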
