0

I'm developing a lambda function that I write in DynamoDB. On one hand I have created a layer that has a script with the functions of DynamoDB:

class DynamoHandler():
    def __init__(self):
        self.resource = boto3.resource('dynamodb', region_name = 'eu-west-1')
        self.__table = None

 

    def set_table(self, table_name: str):
        table = self.resource.Table(table_name)
        table.table_arn
        self.__table = table

 

    def insert(self, item, **kwargs):
        self.__check_table()

 

        return self.__table.put_item(
            Item=item,
            **kwargs
        )

In the lambda I write the following code:

from dynamo_class import DynamoHandler
    db = DynamoHandler()
    db.set_table(TABLE NAME)
    db.insert(msg)

And I get the error:

[ERROR] EndpointConnectionError: Could not connect to the endpoint URL: "https://dynamodb.eu-west-1.amazonaws.com/"

Do you know how can I solve this problem? I have searched for similar errors but they occurred when the region was not specified, in my case in the DynamoDB class I assign the region "eu-west-1".

Improve this question
4
  • You might check the IAM permissions of the role running your lambda. Commented Aug 18, 2020 at 16:15
  • Is the lambda in a VPC? Commented Aug 18, 2020 at 21:07
  • @Jim yes, the lambda is assigned the permissions to read and write in DynamoDB. Commented Aug 19, 2020 at 7:24
  • 1
    @Marcin yes exactly, the lambda is in a VPC, thanks! Commented Aug 19, 2020 at 7:26

2 Answers 2

Reset to default
3

The timeout occurs most likely because lambda in a VPC has no internet nor public IP address. From docs:

Connecting a function to a public subnet doesn't give it internet access or a public IP address.

Subsequently, the lambda function can't connect to DynamoDB endpoint.

There are two ways to rectify the issue:

  • place the lambda in a private subnet and setup NAT gateway to enable lambda access the internet.
  • Use VPC Gateway for DynamoDB which would be better in this case, as for DynamoDB gateway there are no extra charges.
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

In addition to the great answer by Marcin above, have you checked that the Security Group associated with the function has the correct egress rules that allow the network interface to connect to either the DynamoDB or its NAT gateway?

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.