0

I have a lambda application that needs to access Elasticache with Memcached engine.

I have configured my elasticache correctly, and can even access it from Elastic beanstalk. I have connected to my node via telnet for testing as well.

To access elasticache from Lambda, I have done the following:

  1. Configured my cache, and confirmed connecting, setting and getting cached items from my node
  2. Setup my function to run off of the same VPC as my cluster
  3. Assigned my function the subnet used by my cache (Subnet group), and resides in the same VPC.
  4. Assigned my function the Security group that opens port 11211
  5. My function Role has the following policies attached (AWSLambdaFUllAccess, AWSLambdaBasicExecutionRole and AWSLambdaVPCAccessExecutionRole).

Is there something else I need to be doing?

I get the following in the logs

Error Enyim.Caching.MemcachedClient: Create PooledSocket
    Error Enyim.Caching.MemcachedClient: Could not init pool.
    Debug Enyim.Caching.MemcachedClient: Mark as dead was requested for 
Unspecified/mynodeurl.cache.amazonaws.com:11211
Debug Enyim.Caching.MemcachedClient: FailurePolicy.ShouldFail(): True
 Warning Enyim.Caching.MemcachedClient: Marking node 
Unspecified/mynodeurl.cache.amazonaws.com:11211 as dead
 Debug Enyim.Caching.MemcachedClient: Node 
Unspecified/mynodeurl.cache.amazonaws.com:11211 is dead.
 Debug Enyim.Caching.MemcachedClient: Starting the recovery timer.
 Debug Enyim.Caching.MemcachedClient: Timer started.
 Information Enyim.Caching.MemcachedClient: MemcachedInitPool-cost: 43.048ms
 Debug Enyim.Caching.MemcachedClient: Acquiring stream from pool. 
 Unspecified/mynodeurl.cache.amazonaws.com:11211
 Debug Enyim.Caching.MemcachedClient: Pool is dead or disposed, returning null 
 Unspecified/mynodeurl.cache.amazonaws.com:11211
 EnyimMemcached Started.

Thanks

HDJEMAI
  • 9,436
  • 46
  • 67
  • 93
Akin
  • 137
  • 2
  • 12
  • Your comment about your security group is unclear. It sort of sounds like you opened port 11211 on the Lambda function's security group, which would be wrong. Did you create a rule in the security group assigned to the ElastiCache cluster such that the Lambda function would have access? – Mark B Jun 13 '17 at 20:53
  • Thanks for the response @MarkB. You are correct. I am using the same Security Group as my Elasticache node for my lambda function. What settings should my Lambda Security group have? It currently only has inbound rules for port 11211 and Outbound - All – Akin Jun 13 '17 at 21:36
  • You should probably add some sample code you used, maybe there's something in client config that is missing. – Adam Owczarczyk Jun 14 '17 at 09:17
  • Hi Adam. The code is fine. I'm pretty sure it is a configuration issue. I think the question I need to answer is from @MarkB, __Did you create a rule in the security group assigned to the ElastiCache cluster such that the Lambda function would have access?__. I'm not sure what rule that would be. Any input will help on how to configure the elasticache security group to allow lambda will be helpful – Akin Jun 14 '17 at 13:44
  • Please post your exact security group settings. What is the source value for the port `11211` rule? – Mark B Jun 14 '17 at 14:09
  • I have two rules setup on the Security group that is being used by my elasticache node. This is the same security group I am using in lambda. I have 2 custom tcp rules setup. The source on the first points to itself, and the second points to the security group being used by one of my ec2s. I can access the cache from this ec2, but not from lambda. I'm not sure how to allow access to lambda. – Akin Jun 14 '17 at 14:18
  • I also just saw a setting in API Gateway (that executes my lambda function) - Enable API Cache. Does this need to be turned on? (I just did, but it still isn't working). Or can I keep it turned off? – Akin Jun 14 '17 at 14:20
  • @MarkB, or do I need a NAT gateway? – Akin Jun 14 '17 at 16:01
  • It sounds like you have everything configured properly. As long as the Lambda function is inside the VPC and the port is open in the security group then it should be able to access. API Cache (and any other API Gateway stuff) are totally irrelevant to your issue. Also you don't need a NAT gateway to access things inside the same VPC. – Mark B Jun 14 '17 at 16:21
  • @MarkB. I worked with AWS on this issue. Turns out the configuration was correct, but there is currently no library for .net core to connect to the elasticache client. It surprises me that no one seems to be caching in lambda at the moment??? I used a library that was forked from the .net library, but ported for core. It worked in a .net core web app, but not lambda (which is also .net core). Do you have any ideas for caching in C# lambda for .net core outside of elasticache? – Akin Jun 15 '17 at 20:31

1 Answers1

0

Sounds like you are using the wrong version of Enyim.Caching.MemcachedClient. At time of writing Lambda only supports .netstandard 1.6 not 1.6.1.

Enyim has a very early version of their client that will work. https://www.nuget.org/packages/EnyimMemcachedCore/1.0.0.6

If you enable full logging you'll see that the exception that comes along with "Could not init pool" is "Operation is not supported on this platform."

I had this exact same problem.

odyth
  • 4,324
  • 3
  • 37
  • 45