
Accessing EC2 Information via Lambda on VPC


I have written Lambda functions to do various things for EC2 instances. One is to pull many EC2 details for each instance, and the script works fine. The issue is having the function connect to any VPC. This times out no matter what I have done. It has to be something with security groups, but I just can't get it. The simple line that times out is below.

import boto3

# s_region is assumed to be set earlier in the function (e.g. 'us-east-1')
ec2 = boto3.client('ec2', region_name=s_region)
response = ec2.describe_instances()

The SG for EC2 instances has 1 inbound rule (All traffic, Custom, 0.0.0.0/0) and 1 outbound rule (IPv4, All Traffic, All Protocols, All Ports, Destination 0.0.0.0/0).

The SG for Lambda has no inbound rules and 2 outbound rules: the first is IPv4, All Traffic, All Protocols, All Ports, Destination 0.0.0.0/0; the second has no IP version, All Traffic, All Protocols, All Ports, Destination = sg-01ce7e0da8e718c0f / cermak-all-all-sg-cermakVPC (the SG for the EC2 instances).

I've read all the threads on setting up SGs for this but can't get it to work. I'm hoping someone will say "hey dummy it's this". Thanks...Larry

1 Answer

The issue is the fact that you attached the function to the VPC. When your function uses default networking, it has access to the public network (including all AWS services' APIs), but not to your private VPC resources. When you attach it to the VPC, your function has access to your VPC resources, but not to the public internet. To resolve that, you need to create either a VPC Endpoint for the AWS services you want to access (EC2 in your case) or a NAT Gateway for any other destination.

AWS
EXPERT
answered 10 months ago
EXPERT
reviewed 10 months ago
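The answer above explains why security-group rules alone cannot fix this: a VPC-attached Lambda gets a private ENI with no public IP, so its route to the EC2 API must go through either a NAT Gateway or an interface VPC endpoint. The following added example (not code from the question, the answer, or AWS) shows how to diagnose that offline. It takes dictionaries constructed to mirror the shape of boto3's `describe_route_tables` and `describe_vpc_endpoints` responses (all IDs such as `vpc-0example` and `subnet-0priv` are made up), works out which route table serves the function's subnet, and reports whether the EC2 API is reachable and by which path. It also flags the common trap of an Internet Gateway route, which works for instances with public IPs but not for Lambda ENIs.

```python
"""Offline diagnosis of why a VPC-attached Lambda cannot reach the EC2 API.

Added example, not code from the original post. The data below is constructed
to mirror boto3's describe_route_tables / describe_vpc_endpoints output shapes;
no AWS calls are made. In a real check you would pass the 'RouteTables' and
'VpcEndpoints' lists from those two boto3 calls.
"""

# Interface endpoint service name for EC2 looks like com.amazonaws.<region>.ec2
EC2_SERVICE_SUFFIX = ".ec2"


def route_table_for_subnet(route_tables, subnet_id, vpc_id):
    """Return the route table explicitly associated with the subnet,
    falling back to the VPC's main route table (AWS semantics)."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route_target(route_table):
    """Classify the active 0.0.0.0/0 route: 'nat', 'igw', or None."""
    if route_table is None:
        return None
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "nat"
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
    return None


def has_usable_ec2_endpoint(endpoints, vpc_id):
    """True if the VPC has an available EC2 interface endpoint with private DNS,
    which is what lets boto3's default ec2.<region>.amazonaws.com hostname
    resolve to the endpoint's private IP from inside the VPC."""
    for ep in endpoints:
        if ep.get("VpcId") != vpc_id or ep.get("VpcEndpointType") != "Interface":
            continue
        if not ep.get("ServiceName", "").endswith(EC2_SERVICE_SUFFIX):
            continue
        if ep.get("State") != "available" or not ep.get("PrivateDnsEnabled"):
            continue
        return True
    return False


def diagnose(subnet_id, vpc_id, route_tables, endpoints):
    """Return a verdict string describing how (or why not) the Lambda ENI in
    `subnet_id` can reach the EC2 API."""
    if has_usable_ec2_endpoint(endpoints, vpc_id):
        return "ok:vpc-endpoint"
    target = default_route_target(route_table_for_subnet(route_tables, subnet_id, vpc_id))
    if target == "nat":
        return "ok:nat-gateway"
    if target == "igw":
        # Lambda ENIs never get a public IP, so an IGW route alone cannot carry traffic out.
        return "unreachable:igw-only"
    return "unreachable:no-public-route"


# ---- constructed sample data (IDs are placeholders, not real resources) ----
VPC_ID = "vpc-0example"
ROUTE_TABLES = [
    {   # main table: only the local route, so any subnet without an explicit
        # association (subnet-0priv here) has no way out of the VPC
        "VpcId": VPC_ID, "RouteTableId": "rtb-0main",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
    },
    {   # private subnet routed through a NAT gateway
        "VpcId": VPC_ID, "RouteTableId": "rtb-0nat",
        "Associations": [{"SubnetId": "subnet-0nat"}],
        "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}],
    },
    {   # public subnet with an Internet Gateway default route
        "VpcId": VPC_ID, "RouteTableId": "rtb-0pub",
        "Associations": [{"SubnetId": "subnet-0pub"}],
        "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}],
    },
]
ENDPOINTS = [{
    "VpcId": VPC_ID, "VpcEndpointId": "vpce-0example", "VpcEndpointType": "Interface",
    "ServiceName": "com.amazonaws.us-east-1.ec2", "State": "available", "PrivateDnsEnabled": True,
}]

if __name__ == "__main__":
    for subnet in ("subnet-0priv", "subnet-0nat", "subnet-0pub"):
        print(subnet, "without endpoint:", diagnose(subnet, VPC_ID, ROUTE_TABLES, []))
        print(subnet, "with endpoint:   ", diagnose(subnet, VPC_ID, ROUTE_TABLES, ENDPOINTS))
```

Design note: the endpoint check is done at the VPC level rather than per subnet because an interface endpoint with private DNS is reachable from every subnet in the VPC. Note that the check does not look at security groups at all, which is the point of the answer: a permissive outbound rule on the Lambda SG is necessary but not sufficient; without a NAT route or an endpoint, the packets have nowhere to go. If you do add an endpoint, its own security group must allow inbound TCP 443 from the Lambda SG.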
