AWS Lambda in VPC times out in Cognito Post Confirmation Trigger

0

I have a Cognito user pool and a lambda function in a VPC. That lambda function is hooked up to a 'Post confirmation Lambda trigger'.

The lambda function is a little Go function that is doing a call to Cognito itself to get some data regarding the just signed-up user. However, after calling CognitoIdentityProvider.AdminGetUser(....) my lambda function times out.

I tried to move the Lambda function out of the VPC, and it seems to work without problems. I am simply following the examples. However, the lambda function needs to be in the VPC since my RDS instance is also there, and I need to make connections to my RDS instance as well.

So to 'illustrate'.

User confirms email (through Cognito) -> Lambda in VPC gets triggered -> CognitoIdentityProvider.AdminGetUser() -> Times out.

Can someone maybe give me some insights on how I can make my lambda function work?

asked a year ago · 1293 views
1 Answer
1

Hi, @karljohn_peoples.

Your Lambda function probably can't reach Cognito's public endpoint.

Add a route from the subnet of VPC Lambda to the NAT Gateway and change it so that it can go outbound to the Internet, and check if it works.

If that works, you need to either secure an internet outbound route or add a VPC endpoint.

EXPERT
iwasa
answered a year ago
  • Thank you for your answer Iwasa, I just figured out that I could get all the data already actually from the event. I completely missed that.
