By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS lambda function not able to resolve or connect to ipv6 only domain

0

I implemented a AWS lambda function which shall pass an Alexa custom skill event to my domain for processing, see code below.

const https = require('https'); exports.handler = (event, context, callback) => { var options = { hostname: '<my.domain.com>', path: '/<mypath>', port: 443, method: 'POST', rejectUnauthorized: false, headers: { 'Content-Type': 'application/json', 'Authorization': '<my base64 user:password>' } }; const req = https.request(options, (res) => { let body = ''; console.log('Status:', res.statusCode); console.log('Headers:', JSON.stringify(res.headers)); res.setEncoding('utf8'); res.on('data', (chunk) => { body += chunk; }); res.on('end', () => { console.log('Successfully processed HTTPS response'); body = JSON.parse(body); callback(null, body); }); }); req.on('error', callback); req.write(JSON.stringify(event)); req.end(); };

The function runs serverless, not connected to a VPC.

The domain <my.domain.com> resolves to an IPv6 address and I am able to connect to my host for example from an internet instance using curl and receive the expected answers.

curl -i -k -v -X POST -d testcase.json -u user:password https://<my.domain.com>:<my port>/<my path>

In AWS I implemented a test case and run it. The test returned the error ENOTFOUND from function getaddrinfo trying to resolve my domain, see execution result below.

Test Event Name Test0001

Response { "errorType": "Error", "errorMessage": "getaddrinfo ENOTFOUND <my.domain.com>", "trace": [ "Error: getaddrinfo ENOTFOUND <my.domain.com>", " at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:71:26)" ] }

Function Logs LOGS Name: cloudwatch_lambda_agent State: Subscribed Types: [platform] EXTENSION Name: cloudwatch_lambda_agent State: Ready Events: [SHUTDOWN,INVOKE] START RequestId: 78314f37-e991-4d3d-b4f2-03da64bf91b7 Version: $LATEST 2022-09-24T04:59:06.966Z 78314f37-e991-4d3d-b4f2-03da64bf91b7 ERROR Invoke Error {"errorType":"Error","errorMessage":"getaddrinfo ENOTFOUND <my.domain.com>","code":"ENOTFOUND","errno":-3008,"syscall":"getaddrinfo","hostname":"<my.domain.com>","stack":["Error: getaddrinfo ENOTFOUND <my.domain.com>"," at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:71:26)"]} END RequestId: 78314f37-e991-4d3d-b4f2-03da64bf91b7 REPORT RequestId: 78314f37-e991-4d3d-b4f2-03da64bf91b7 Duration: 425.43 ms Billed Duration: 426 ms Memory Size: 128 MB Max Memory Used: 76 MB Init Duration: 248.14 ms

During my investigation I found the hint to add option „family: 6,“. Using this option the test case resolves the domain now to the correct ipv6 address, but returns then EAFNOSUPPORT trying to connect to the address, see execution result below.

Request ID 78314f37-e991-4d3d-b4f2-03da64bf91b7

Test Event Name Test0001

Response { "errorType": "Error", "errorMessage": "connect EAFNOSUPPORT xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:443 - Local (undefined:undefined)", "trace": [ "Error: connect EAFNOSUPPORT xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:443 - Local (undefined:undefined)", " at internalConnect (node:net:953:16)", " at defaultTriggerAsyncIdScope (node:internal/async_hooks:465:18)", " at GetAddrInfoReqWrap.emitLookup [as callback] (node:net:1097:9)", " at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:73:8)" ] }

Function Logs LOGS Name: cloudwatch_lambda_agent State: Subscribed Types: [platform] EXTENSION Name: cloudwatch_lambda_agent State: Ready Events: [INVOKE,SHUTDOWN] START RequestId: f3493148-071f-466d-94c7-d29a0d715640 Version: $LATEST 2022-09-24T05:06:52.877Z f3493148-071f-466d-94c7-d29a0d715640 ERROR Invoke Error {"errorType":"Error","errorMessage":"connect EAFNOSUPPORT xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:443 - Local (undefined:undefined)","code":"EAFNOSUPPORT","errno":-97,"syscall":"connect","address":"xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx","port":443,"stack":["Error: connect EAFNOSUPPORT xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:443 - Local (undefined:undefined)"," at internalConnect (node:net:953:16)"," at defaultTriggerAsyncIdScope (node:internal/async_hooks:465:18)"," at GetAddrInfoReqWrap.emitLookup [as callback] (node:net:1097:9)"," at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:73:8)"]} END RequestId: f3493148-071f-466d-94c7-d29a0d715640 REPORT RequestId: f3493148-071f-466d-94c7-d29a0d715640 Duration: 447.45 ms Billed Duration: 448 ms Memory Size: 128 MB Max Memory Used: 76 MB Init Duration: 231.52 ms

Request ID f3493148-071f-466d-94c7-d29a0d715640

Any further investigation was not successful. I assume it is an issue using IPv6, but I am not able to solve it. Any help is appreciated. Thank you in advance.

Joachim

Topics
ServerlessComputeNetworking & Content Delivery
Tags
ServerlessAWS LambdaIPv6
Language
English
rePost-User-1452520
asked 2 years ago1517 views
2 Answers
1
Accepted Answer

Lambda currently does not support outbound IPv6 connections. You will either need to use IPv4 or create some dual stack proxy that will forward the request from v4 to v6.

profile pictureAWS
EXPERT
Uri
answered 2 years ago
profile pictureAWS
EXPERT
Brettski-AWS
reviewed 2 years ago
0

Thank you for your answer, you are right. The note from Dec'2021 talks about supporting ipv6 for inbound connections only, not outbound. Therefore I have to look for an ipv4 solution instead or wait for ipv6 support.

rePost-User-1452520
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content