Ping Url or DNS Name From Lambda Function

0

I have a Lambda function, not running in a VPC, that does some simple HTTP, TCP, and ICMP health checks. The HTTP/S and TCP checks work just fine, however, when I try to ping a site or host name (like www.amazon.com or www.google.com), I get a Timed Out response. Is this because of the "statelessness" of ICMP and the reply ECHO responses simply aren't being allowed back through to the Lambda function? I don't want to run this in a VPC since the service is independent of other resources in the AWS account. Any ideas?

My code is as follows, and works running locally:

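    // Requires: using System.Net.NetworkInformation; using Newtonsoft.Json;
    // Path, Success and Message are assumed to be declared earlier in the handler.
    using (Ping Pinger = new Ping())
    {
        try
        {
            // Send one ICMP echo request with a 500 ms timeout.
            PingReply Reply = await Pinger.SendPingAsync(Path, 500);

            if (Reply.Status == IPStatus.Success)
            {
                Success = true;
                Message = $"[INFO] : {Path} via PING is up!";
            }
            else
            {
                Message = $"[ERROR] : {Path} via PING is down with status: {Reply.Status.ToString()}.";
            }
        }
        catch (Exception e)
        {
            // Any failure to send (including socket errors) is reported here.
            Message = $"[ERROR] : {Path} via PING failed with an unexpected error:\r\n{JsonConvert.SerializeObject(e)}.";
        }
    }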
Asked 7 years ago, viewed 6248 times
2 Answers
2

I'm going to answer my own question. From the FAQ https://aws.amazon.com/lambda/faqs/ :

"Lambda attempts to impose as few restrictions as possible on normal language and operating system activities, but there are a few activities that are disabled: Inbound network connections are blocked by AWS Lambda, and for outbound connections only TCP/IP sockets are supported, and ptrace (debugging) system calls are blocked. TCP port 25 traffic is also blocked as an anti-spam measure."

Digging a little deeper from this blog and GitHub page https://www.jethrocarr.com/, the Lambda OS kernel lacks the CAP_NET_RAW kernel capability to manipulate raw sockets.

So, you can't do ICMP or UDP from a Lambda function.

Answered 7 years ago
1

AWS Lambda waived the restriction for UDP. The current FAQ documentation states:

Inbound network connections are blocked by AWS Lambda, and for outbound connections only TCP/IP and UDP/IP sockets are supported, and ptrace (debugging) system calls are blocked. TCP port 25 traffic is also blocked as an anti-spam measure.

Answered 5 years ago
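
An added example, not code from either answer or from AWS: it tests the process's effective capability set for CAP_NET_RAW, the capability the first answer names, and probes reachability with a TCP connect, which both FAQ quotes list as supported. The `Reachability` class, its method names, the sample `/proc` status lines and the loopback listener are constructed for illustration, and a Linux runtime is assumed.

```csharp
using System;
using System.Globalization;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Threading.Tasks;

public static class Reachability
{
    const int CapNetRaw = 13; // CAP_NET_RAW's bit number in linux/capability.h

    // Reads the CapEff hex mask from /proc/<pid>/status text and tests the CAP_NET_RAW bit.
    public static bool HasCapNetRaw(string procStatus)
    {
        foreach (var line in procStatus.Split('\n'))
        {
            if (!line.StartsWith("CapEff:", StringComparison.Ordinal)) continue;
            var mask = ulong.Parse(line.Substring(7).Trim(),
                                   NumberStyles.HexNumber, CultureInfo.InvariantCulture);
            return (mask & (1UL << CapNetRaw)) != 0;
        }
        return false; // no CapEff line: assume raw sockets are unavailable
    }

    // Reachability probe over TCP: true only if the handshake completes within timeoutMs.
    public static async Task<bool> TcpCheckAsync(string host, int port, int timeoutMs)
    {
        using var client = new TcpClient();
        try
        {
            var connect = client.ConnectAsync(host, port);
            if (await Task.WhenAny(connect, Task.Delay(timeoutMs)) != connect) return false;
            await connect; // rethrows SocketException if the connection was refused
            return true;
        }
        catch (SocketException) { return false; }
    }

    public static async Task Main()
    {
        // Constructed status text: an empty capability set, then one with bit 13 set.
        Console.WriteLine(HasCapNetRaw("Name:\tdotnet\nCapEff:\t0000000000000000\n"));
        Console.WriteLine(HasCapNetRaw("Name:\tdotnet\nCapEff:\t0000000000002000\n"));
        if (File.Exists("/proc/self/status")) // the running process, when on Linux
            Console.WriteLine(HasCapNetRaw(File.ReadAllText("/proc/self/status")));
        var listener = new TcpListener(IPAddress.Loopback, 0); // stands in for the monitored host
        listener.Start();
        Console.WriteLine(await TcpCheckAsync("127.0.0.1", ((IPEndPoint)listener.LocalEndpoint).Port, 500));
        listener.Stop();
    }
}
```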
