Ping Url or DNS Name From Lambda Function

0

I have a Lambda function, not running in a VPC, that does some simple HTTP, TCP, and ICMP health checks. The HTTP/S and TCP checks work just fine, however, when I try to ping a site or host name (like www.amazon.com or www.google.com), I get a Timed Out response. Is this because of the "statelessness" of ICMP and the reply ECHO responses simply aren't being allowed back through to the Lambda function? I don't want to run this in a VPC since the service is independent of other resources in the AWS account. Any ideas?

My code is as follows, and works running locally:

    using (Ping Pinger = new Ping())
    {
      try
        {
          PingReply Reply = await Pinger.SendPingAsync(Path, 500);

          if (Reply.Status == IPStatus.Success)
          {
            Success = true;
            Message = $"[INFO] : {Path} via PING is up!";
          }
          else
          {
            Message = $"[ERROR] : {Path} via PING is down with status: {Reply.Status.ToString()}.";
           }
         }
         catch (Exception e)
         {
           Message = $"[ERROR] : {Path} via PING failed with an unexpected error:\r\n{JsonConvert.SerializeObject(e)}.";
         }
       }
asked 7 years ago6194 views
2 Answers
2

I'm going to answer my own question. From the FAQ https://aws.amazon.com/lambda/faqs/ :

"Lambda attempts to impose as few restrictions as possible on normal language and operating system activities, but there are a few activities that are disabled: Inbound network connections are blocked by AWS Lambda, and for outbound connections only TCP/IP sockets are supported, and ptrace (debugging) system calls are blocked. TCP port 25 traffic is also blocked as an anti-spam measure."

Digging a little deeper from this blog and GitHub page https://www.jethrocarr.com/, the Lambda OS kernel lacks the CAP_NET_RAW kernel capability to manipulate raw sockets.

So, you can't do ICMP or UDP from a Lambda function.

answered 7 years ago
1

AWS Lambda waived the restriction for UDP. The current FAQ documentation states:

Inbound network connections are blocked by AWS Lambda, and for outbound connections only TCP/IP and UDP/IP sockets are supported, and ptrace (debugging) system calls are blocked. TCP port 25 traffic is also blocked as an anti-spam measure.

answered 5 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions