AWS Lambda in VPC with RDS and Internet Connection

0 votes

I set up an Aurora Database (provisioned) in a newly created VPC and no public accessibility. As I want to run a Lambda function in the VPC that is able to both, access the RDS instances as well as the Internet, I changed the routing tables of the RDS instances to allow traffic from a NAT gateway which I placed in a public subnet in the same VPC.

For the Lambda function itself, I created a separate private subnet, also just allowing traffic from the NAT gateway in the routing table. I assigned this subnet and VPC to the Lambda function in the Lambda settings. The internet connection works fine with this configuration but I can not access the database. That's why I followed this post (https://serverfault.com/questions/941886/connect-an-aws-lambda-function-triggered-by-api-gateway-to-aurora-serverless-mys) and added the IP CIDR of the Lambda subnet to the Security Group of the RDS instances (called rds-launch-wizard).

Still, the Lambda function is able to interact with the public internet but can not connect to the RDS instances (timeout). I'm running out of ideas, what is wrong here?

Apr 12, 2022 in IoT (Internet of Things) by Rahul
 • 9,680 points 1,104 views

No answer to this question. Be the first to respond.

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.
0 votes

The configuration should be:

  • A public subnet with a NAT Gateway (and, by definition, an Internet Gateway)

  • A Private subnet with the Amazon RDS instance

  • The same, or a different, Private Subnet associated with the Lambda function

  • The Private Subnet(s) configured with a Route Table with a destination of 0.0.0.0/0 to the NAT Gateway

Then consider the Security Groups:

  • A security group for the Lambda function (Lambda-SG) that permits all outbound access

  • A security group for the RDS instance (RDS-SG) that should permit inbound access from Lambda-SG on the appropriate database port

That is, RDS-SG is allowing incoming traffic from Lambda-SG (by name). There is no need to use CIDRs in the security group.

The Lambda function will connect to a private subnet via an Elastic Network Interface (ENI) and will be able to communicate both with the RDS instance (directly) and with the Internet (via the NAT Gateway).

Please note that you are not directing "traffic from the NAT Gateway". Rather, you are directing Internet-bound traffic to the NAT Gateway. Nor is there such a thing as "routing tables of the RDS instances" because the Route Tables are associated with subnets, not RDS.

answered Apr 13, 2022 by Aditya
 • 7,680 points
edited Mar 5

Related Questions In IoT (Internet of Things)

0 votes
0 answers

Understanding IoT Rules of DynamoDB and Lambda in AWS

I am currently going through the "Quick ...READ MORE

Sep 27, 2018 in IoT (Internet of Things) by Matt
 • 2,270 points 1,163 views
0 votes
1 answer

Can we count AWS IoT successful connection number and message number and through a threshold notification?

Yes it is possible. You may take ...READ MORE

answered Apr 18, 2018 in IoT (Internet of Things) by hemant
 • 5,790 points 1,582 views
0 votes
1 answer

IBM Bluemix with IBM IoT Foundation throws error and refuses connection

I think you either forgot or did ...READ MORE

answered Jul 30, 2018 in IoT (Internet of Things) by DataKing99
 • 8,250 points 1,213 views
0 votes
1 answer

Integrate AWS IoT and Auduino Board using Lambda Function

There is Python version that sends email to ...READ MORE

answered Aug 29, 2018 in IoT (Internet of Things) by anonymous2
 • 4,240 points 654 views
0 votes
1 answer

Connection and publishing operations using paho-mqtt not working on AWS IoT

I'd say your issue is mainly that ...READ MORE

answered Mar 11, 2019 in IoT (Internet of Things) by Upasana
 • 8,620 points 3,485 views
0 votes
1 answer

How to work a AWS IOT Lambda with a devices?

Hey KanaguRaj, use this for reference: https://serverless.com/ ...READ MORE

answered Apr 12, 2019 in IoT (Internet of Things) by Vardhan
 • 13,150 points 901 views
0 votes
1 answer

how to access AWS S3 from Lambda in VPC

With boto3, the S3 urls are virtual by default, ...READ MORE

answered Sep 28, 2018 in AWS by Priyaj
 • 58,020 points 10,310 views
0 votes
1 answer

How to make ApiGateway point to specific Lambda bias

You actually need to make changes to ...READ MORE

answered Dec 21, 2018 in AWS by Archana
 • 5,640 points 1,585 views
0 votes
0 answers

AWS Lambda in VPC with RDS and Internet Connection

I set up an Aurora Database in ...READ MORE

Apr 21, 2022 in AWS by Rahul
 • 9,680 points 1,118 views
0 votes
0 answers

What is the meaning of inbound source of default RDS security group?

When I create an RDS, it seems ...READ MORE

Apr 25, 2022 in AWS by Rahul
 • 9,680 points 642 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.