4

Is it possible to access a publicly available RDS instance from a Lambda expression in the same VPC, without using a NAT? Could you please point me in the right direction to configure this? Thanks.

RDS and Lambda have the same VPC, the same Subnets, the same Security group. The security group has 2 inbound rules:

  1. All Type - All Protocol - All Port Range - Source ALB security group
  2. All Type - All Protocol - All Port Range - Source security group itself

Is that correct?

4
  • Could you open VPC, then Edit DNS hostnames => enable DNS hostnames Commented Nov 27, 2019 at 9:11
  • The flag is already enabled. Commented Nov 27, 2019 at 9:13
  • 1
    I have just tested. RDS and Lambda in the same VPC (Private) => it's able to connect to the RDS endpoint. Please check the SG of RDS Commented Nov 27, 2019 at 9:43
  • Thanks for your time @TuanVA, I've edited my question, I'm surely doing something wrong with security group, may you help me? Commented Nov 27, 2019 at 9:52

2 Answers

4

The recommended configuration is:

  • Create a Security Group for the AWS Lambda function (Lambda-SG). It does not require any inbound rules.
  • Create a Security Group for the Amazon RDS db instance (DB-SG). It should allow an Inbound connection on the appropriate port (3306?) from Lambda-SG.

That is, DB-SG should specifically reference Lambda-SG as the source of the inbound connection.
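A Terraform rendering of that recommendation, added here as an illustration and not part of the original answer: two security groups, with the DB group referencing the Lambda group by id rather than by CIDR, and both resources attached to the same VPC subnets so no NAT is involved. The VPC id, subnet ids, Lambda role and names are placeholders.

```hcl
# Assumed inputs (placeholders, not from the original post).
variable "vpc_id" {}
variable "private_subnet_ids" { type = list(string) }
variable "lambda_role_arn" {}

# Lambda-SG: no inbound rules at all. Terraform drops the implicit
# "allow all egress" rule, so it is declared explicitly here.
resource "aws_security_group" "lambda_sg" {
  name        = "lambda-sg"
  description = "Lambda function; outbound only"
  vpc_id      = var.vpc_id

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# DB-SG: only inbound rule is MySQL/3306 from Lambda-SG (by group id).
resource "aws_security_group" "db_sg" {
  name        = "db-sg"
  description = "RDS instance; reachable only from Lambda-SG"
  vpc_id      = var.vpc_id

  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.lambda_sg.id]
  }
}

# Attach Lambda-SG to the function inside the VPC.
resource "aws_lambda_function" "app" {
  function_name = "rds-client"   # placeholder
  role          = var.lambda_role_arn
  handler       = "index.handler"
  runtime       = "nodejs18.x"
  filename      = "lambda.zip"   # placeholder artifact

  vpc_config {
    subnet_ids         = var.private_subnet_ids
    security_group_ids = [aws_security_group.lambda_sg.id]
  }
}
```

The RDS instance then gets `vpc_security_group_ids = [aws_security_group.db_sg.id]` and does not need `publicly_accessible = true` for the Lambda to reach it, because the connection stays on the VPC's private addressing.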



0

Turns out that the Lambda was timing out the RDS connection, due to a callback deadlock as explained here: https://stackoverflow.com/a/42619071/2373113 Another thing to notice is that traffic inside the same security group must be explicitly enabled in rules.
