External internet access for a VPC enabled lambda

Question

Hi,  
  
My first lambda function has no Internet access despite following a number of similar instructions, including Amazon's own documentation.  
  
https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/  
https://forums.aws.amazon.com/thread.jspa?messageID=705279  
https://gist.github.com/reggi/dc5f2620b7b4f515e68e46255ac042a7  
  
Attempts to run a traceroute in a lambda function to see where the problem may lie return "access denied."    
  
1. How does one debug routing issues if I cannot ping/traceroute/etc?  
2.  Are there instructions somewhere else that actually work?  
  
I've got hours into this problem at this point.

Answer

Thanks!  Allowing icmp got me over the hump.

Answer

Hi,  
To debug, I would first create a regular EC2 instance in the subnet(s) that you are using for you VPC Lambda to see if you can connect to the Internet from the EC2 instance. That way you can narrow down the scope of the problem (i.e. if you cannot connect, then you can assume for now that Lambda is NOT related to the problem).  
  
Is the subnet you are using a public or private subnet?  
If it is a private subnet, do you have a NAT Gateway setup to allow access to the internet?  
You can also modify Security Groups to allow "ping"/ICMP traffic if that would be helpful.  
-randy

External internet access for a VPC enabled lambda

相关内容