
I have a database which is not exposed to the public (running on an EC2 instance which is in a VPC). I have a web app running on EC2 which connects to the database. I expose this web app via an Application Load Balancer which also resides in the VPC.

I want to access the database as well as call an API in the web app from a Lambda function. To enable the first connection I have set up the Lambda inside the VPC and given it security groups.

Do I need to set up a NAT gateway (which is expensive) to access the web app via the load balancer? I am aware that if the Lambda is inside the VPC, it needs a NAT gateway to call external services; however, the ELB is not an external resource.

Currently I am not able to access the ELB from the Lambda. My setup is as follows:

ELB

meteor-app (Application Load Balancer, internet facing), security groups: sg-6141c009, sg-edd58d86, in VPC vpc-1bedde72

Lambda

VPC: vpc-1bedde72, security groups: sg-0c53aa67, role: prod (with full EC2 access)

sg-0c53aa67 (on Lambda)

inbound: no inbound rules

outbound: all traffic on all ports to any destination; TCP on port 443 to sg-6141c009

sg-6141c009 (on ELB)

inbound: HTTPS traffic from any source

outbound: all traffic to any destination

hridayesh
  • Have you tried it? Was your Lambda not able to call the ELB? Are you asking a yes/no question, or do you actually have a problem here? – Asdfg May 09 '18 at 13:22
  • Yes, actually it was not working, sorry, my bad. – hridayesh May 09 '18 at 13:27
  • What was the error you were getting? – Asdfg May 09 '18 at 13:27
  • The Lambda gets stuck on making the request. I do not get any callback for the response, then Lambda kills my process after the timeout. If I remove it from the VPC, I get a response; however, I won't be able to connect to my DB. – hridayesh May 09 '18 at 13:29
  • What does your ELB security group look like for inbound connections? – Asdfg May 09 '18 at 13:31
  • I have edited the question to include my setup. Sorry for the bad formatting! – hridayesh May 09 '18 at 13:44
  • *"elb is not external resource"*... unless it is an internal-only ELB (an option you can select when the ELB is created), then yes, it **is** an external resource. – Michael - sqlbot May 09 '18 at 17:46
  • That means if the ELB is not internal-only, a Lambda in a VPC needs a NAT gateway to call ELB URLs. – hridayesh May 10 '18 at 08:16
  • Were you able to solve the issue? I'm facing the same issue. I can't call the API through the ELB. In my case, I already gave a NAT instance to the Lambda and still it is not working. – Vishal Patel Jan 08 '20 at 10:01
  • We were not able to solve it without using a NAT gateway, and we have not created a NAT gateway either. As a temporary solution we opened the port to external services. – hridayesh Jan 09 '20 at 03:15
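The point made in the comments above is that an internet-facing ELB resolves to public addresses, which a VPC-attached Lambda ENI cannot route to without a NAT gateway, so the request hangs until the Lambda timeout. The following script is an added example, not code from the question or its commenters: it resolves a load balancer name, predicts whether a VPC-only ENI can reach it, and probes it with a short socket timeout so a missing route fails fast instead of hanging. The host name, the sample addresses and the assumption that the Lambda subnet's route table has no NAT or internet gateway route are all constructed for illustration.

```python
"""Predict whether a VPC-attached Lambda can reach an ELB without a NAT gateway."""
import ipaddress
import socket

# Address space a VPC can route internally without NAT (RFC 1918).
VPC_PRIVATE = [ipaddress.ip_network(n)
               for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_vpc_private(address: str) -> bool:
    """True if the address is one a VPC-only ENI can reach via local routes."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in VPC_PRIVATE)


def resolve(hostname: str, port: int = 443) -> list:
    """Resolve the ELB name as the Lambda runtime would (IPv4, TCP)."""
    infos = socket.getaddrinfo(hostname, port, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def diagnose(addresses: list) -> str:
    """Classify resolved ELB addresses from the viewpoint of a VPC-only ENI.

    'internal'   every address is private: internal ELB, reachable if SGs allow
    'needs_nat'  at least one public address: internet-facing ELB, no route
                 from the ENI, so the request hangs until the Lambda timeout
    'unresolved' nothing resolved (DNS or wrong name)
    """
    if not addresses:
        return "unresolved"
    if all(is_vpc_private(a) for a in addresses):
        return "internal"
    return "needs_nat"


def probe(address: str, port: int = 443, timeout: float = 3.0) -> bool:
    """TCP connect with a short timeout, so a missing route fails fast."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


# Constructed sample resolutions (not real addresses of the question's ELB).
INTERNET_FACING_ELB = ["203.0.113.10", "203.0.113.20"]  # public: needs NAT
INTERNAL_ELB = ["10.0.1.15", "10.0.2.31"]                # private: in-VPC

if __name__ == "__main__":
    for label, addrs in (("internet-facing", INTERNET_FACING_ELB), ("internal", INTERNAL_ELB)):
        print(f"{label}: {addrs} -> {diagnose(addrs)}")
```

Inside the function, call `diagnose(resolve("meteor-app-example.elb.amazonaws.com"))` (hypothetical name) and `probe` each address before issuing the real request; a `needs_nat` result with a failing probe is the situation described in the question, and the fix is an internal ALB reachable by private address, a NAT gateway or NAT instance on the Lambda subnet's route table, or a security group rule permitting the traffic.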

0 Answers