
A Lambda function that invokes another Lambda function fails in the cloud but works locally with sam invoke


I have 2 Lambda functions, function A will invoke function B with the following code:

response_lambda = lambda_client.invoke(
    FunctionName='arn:aws:lambda:ap-southeast-2:somerandomtext:function:functionB',
    InvocationType='RequestResponse',
    Payload=payload_bytes
)

When I invoke Function A locally with sam, it runs successfully without any issue and Function B is invoked successfully too. The command I used is:

sam local invoke functionA > response.json

However, when I deployed Function A to the cloud and ran it there, it always times out. I have tried:

  1. Using an AWS CLI command in my local terminal, which is: aws lambda invoke --function-name functionA --cli-binary-format raw-in-base64-out response.json

In response.txt, I get:

{"errorMessage":"2025-03-31T23:12:09.503Z randome-1234-1234-94cb-somerandomtext Task timed out after 20.02 seconds"}

In the console, I read:

Read timeout on endpoint URL: "https://lambda.ap-southeast-2.amazonaws.com/2015-03-31/functions/functionA/invocations"

  2. Directly invoking Function A in the AWS Lambda console
  3. Invoking Function A with the EventBridge scheduler

All of them timed out. I have set the Timeout of Function A in template.yaml to a very long value, say 1000 seconds, but it times out anyway when the time comes.

I suspect that in the cloud environment, the VPC of Function A cannot reach the internet to invoke Function B. Function A and B are sitting in the same VPC and I don't understand why AWS doesn't have them invoke each other internally.

Any clues on the solution are much appreciated! Thank you!

asked 9 months ago, 281 views
2 Answers
Accepted Answer

Hello.

Are you connecting your Lambda function to a VPC in your AWS account?
If there is no requirement for the Lambda function to access resources within a VPC, there is no need to connect to the VPC, so I think the problem can be solved by disconnecting it.
If you need to access resources within a VPC, you will need to set up a NAT Gateway or a VPC endpoint for Lambda in the connected VPC.
By the way, when setting up a VPC endpoint, be sure to configure the VPC endpoint's security group to allow HTTPS connections from Lambda.
https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc-endpoints.html

EXPERT
answered 9 months ago
EXPERT
reviewed 9 months ago
  • Hi, thank you so much. Although I can't manage to get it to work by setting up a NAT gateway, I managed to get it to work by configuring a VPC endpoint.


Based on the information provided, it appears that the issue you're experiencing is likely related to network configuration in your AWS environment. Here are a few points to consider:

  1. VPC Configuration: If your Lambda functions are configured to run within a VPC, they need proper network access to communicate with other AWS services, including other Lambda functions. By default, Lambda functions in a VPC do not have internet access unless properly configured.

  2. NAT Gateway: For Lambda functions in a private subnet to access the internet (which is required to invoke other Lambda functions via their ARN), you need to set up a NAT Gateway in a public subnet and configure your route tables accordingly.

  3. Security Groups: Ensure that the security groups associated with your Lambda functions allow outbound traffic on the necessary ports.

  4. Execution Role Permissions: Verify that the IAM execution role for Function A has the necessary permissions to invoke Function B. It should have the "lambda:InvokeFunction" permission for Function B's ARN.

  5. Subnet Configuration: Make sure all subnets configured for the function are private and have default routes to a NAT Gateway. If you're using AWS Transit Gateway, verify that it allows the function to access the public internet.

To resolve this issue:

  1. Check your VPC configuration and ensure that your Lambda functions have the necessary network access.
  2. Set up a NAT Gateway if you haven't already, and configure your route tables to direct internet-bound traffic through the NAT Gateway.
  3. Review and update your security group settings to allow necessary outbound traffic.
  4. Verify the IAM permissions for Function A's execution role.
  5. Double-check your subnet configurations and routing.

If the issue persists after making these changes, you may want to use VPC Flow Logs to verify outbound traffic and identify any potential network-related problems. Additionally, consider using the Lambda ENI Finder to locate the IP address of your function's elastic network interface for further troubleshooting.

Remember, when testing locally with SAM, the network configuration is different from your cloud environment, which is why it works locally but fails in the cloud. Always ensure your cloud environment is properly configured to match your local testing setup.
Sources
Troubleshoot ETIMEDOUT error in my Lambda function | AWS re:Post
Lambda API returns 200 on request timeout error | AWS re:Post

answered 9 months ago
EXPERT
reviewed 9 months ago
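
An added diagnostic, not part of either answer and not AWS tooling: both answers come down to whether Function A's subnets can reach the regional Lambda API endpoint over HTTPS, through a NAT gateway or through a Lambda VPC endpoint. The sketch below resolves the endpoint named in the question's error message and tries a short TCP connect, so a missing path shows up in a few seconds instead of as a task timeout. The function names and result labels are hypothetical, and a private DNS answer is assumed to mean an interface endpoint with private DNS enabled.

```python
import ipaddress
import socket

# Regional Lambda API endpoint, taken from the error message in the question.
ENDPOINT = "lambda.ap-southeast-2.amazonaws.com"


def classify_path(addresses, connected):
    """Interpret a DNS answer and a TCP/443 connect result for the Lambda API."""
    if not addresses:
        return "dns-failure: the VPC resolver returned no address for the endpoint"
    # Assumption: an all-private answer means a Lambda interface VPC endpoint
    # with private DNS enabled is answering for the regional hostname.
    private = all(ipaddress.ip_address(a).is_private for a in addresses)
    if private and connected:
        return "vpc-endpoint: private address, HTTPS port reachable"
    if private:
        return "vpc-endpoint-blocked: endpoint security group must allow 443 from the function"
    if connected:
        return "internet-path: public address reachable (NAT route, or function not in a VPC)"
    return "no-route: public address unreachable, no NAT route and no Lambda VPC endpoint"


def probe(host=ENDPOINT, timeout=3.0):
    """Resolve the endpoint, try a short TCP connect, and classify the result."""
    try:
        infos = socket.getaddrinfo(host, 443, type=socket.SOCK_STREAM)
        addresses = sorted({info[4][0] for info in infos})
    except socket.gaierror:
        addresses = []
    connected = False
    # Only the first two addresses are tried, so the probe finishes well
    # inside a 20 second function timeout even when every connect hangs.
    for addr in addresses[:2]:
        try:
            with socket.create_connection((addr, 443), timeout=timeout):
                connected = True
                break
        except OSError:
            continue
    return {"addresses": addresses, "result": classify_path(addresses, connected)}


def lambda_handler(event, context):
    # Hypothetical handler: deploy it with the same subnets and security
    # groups as Function A so it sees the same network path.
    return probe()
```

A TCP connect only proves the network path; the "lambda:InvokeFunction" permission on Function A's execution role still has to be checked separately.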
