2 Answers
0
The VPC endpoint has an associated security group. The ENI for the Lambda function's VPC attachment also has a security group associated. Please ensure that the VPC endpoint's security group has an ingress rule allowing traffic from the Lambda function's security group.
Please see here for more details on accessing services using a VPC endpoint.
answered 2 years ago
0
I had this problem because I had set "EnableDnsSupport" to false in my CDK configuration. When I set it to true it was able to reach my table.
Check if DNS Resolution is enabled for your private VPC.
answered a year ago
Hi Aaron. Thanks a lot for your reply and information. Looking at the settings, we are unable to find the security group of the VPC endpoint since it is a Gateway endpoint to DynamoDB. Looking at the documentation shared, security groups on VPC endpoints are only available for Interface endpoints. On the Gateway endpoint for DynamoDB we only have the option to modify the endpoint policy. On the other hand, the security group of the ENI now has the endpoint ID as part of the outbound rules using port 443 and for the destination the endpoint prefix (pl-xxxx). It is still not working.
Same here. I can confirm the above comment. There is NO security group setting for the DynamoDB VPC endpoint as it is a Gateway endpoint (not an Interface endpoint). Help would be appreciated.
I agree with the above comments. Following the examples of creating a private subnet with a VPC endpoint for DynamoDB, attaching a Lambda function to the private subnet, and allowing access to the gateway using a security group with the prefix route for the DynamoDB gateway (pl-xxxx) does not seem to work.
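The conditions raised in this thread (DNS support on the VPC, an outbound 443 rule to the DynamoDB prefix list on the Lambda ENI's security group, and a prefix-list route through the gateway endpoint) can be checked together. The following is an added example, not code from any poster or from AWS: the function names are hypothetical, the input dicts are constructed to mirror the shapes returned by boto3's `describe_vpc_attribute`, `describe_security_groups` and `describe_route_tables`, and every ID is a placeholder.

```python
# Added example: checks over constructed dicts shaped like boto3 EC2 responses.
def egress_allows_https(sg, pl_id):
    """True if an egress rule permits TCP 443 to the prefix list (or to anywhere)."""
    for rule in sg.get("IpPermissionsEgress", []):
        proto = rule.get("IpProtocol")
        port_ok = proto == "-1" or (
            proto == "tcp" and rule.get("FromPort", 0) <= 443 <= rule.get("ToPort", -1))
        to_pl = any(p.get("PrefixListId") == pl_id for p in rule.get("PrefixListIds", []))
        to_any = any(r.get("CidrIp") == "0.0.0.0/0" for r in rule.get("IpRanges", []))
        if port_ok and (to_pl or to_any):
            return True
    return False

def subnet_routes_to_endpoint(route_tables, subnet_id, pl_id):
    """True if the subnet's route table (explicit, else main) sends the prefix list to a vpce- target."""
    def has_assoc(rt, pred):
        return any(pred(a) for a in rt.get("Associations", []))
    explicit = [rt for rt in route_tables if has_assoc(rt, lambda a: a.get("SubnetId") == subnet_id)]
    main = [rt for rt in route_tables if has_assoc(rt, lambda a: a.get("Main"))]
    for rt in (explicit or main)[:1]:
        return any(r.get("DestinationPrefixListId") == pl_id
                   and r.get("GatewayId", "").startswith("vpce-")
                   for r in rt.get("Routes", []))
    return False

def diagnose(dns_attr, sg, route_tables, subnet_id, pl_id):
    """Return a list of findings; an empty list means all three checks passed."""
    findings = []
    if not dns_attr.get("EnableDnsSupport", {}).get("Value", False):
        findings.append("dns: EnableDnsSupport is false")
    if not egress_allows_https(sg, pl_id):
        findings.append("sg: no egress rule for TCP 443 to the prefix list")
    if not subnet_routes_to_endpoint(route_tables, subnet_id, pl_id):
        findings.append("route: subnet route table has no prefix-list route via the endpoint")
    return findings

# Constructed sample input; every ID is a placeholder, not a value from the thread.
SG = {"IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                               "PrefixListIds": [{"PrefixListId": "pl-xxxx"}], "IpRanges": []}]}
ROUTE_TABLES = [
    {"Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"Associations": [{"SubnetId": "subnet-xxxx", "Main": False}],
     "Routes": [{"DestinationPrefixListId": "pl-xxxx", "GatewayId": "vpce-xxxx"}]},
]

if __name__ == "__main__":
    # DNS support disabled, as in the second answer; SG rule and route are in place.
    print(diagnose({"EnableDnsSupport": {"Value": False}}, SG, ROUTE_TABLES, "subnet-xxxx", "pl-xxxx"))
```

A subnet with no explicit route table association falls back to the VPC's main route table, which is why the check looks there when no explicit match exists.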