
I have hosted a Lambda function using AWS Chalice inside a VPC since I want it to access a Serverless Aurora DB Instance. Now I also want this function to send_message() to an SQS.

I followed Tutorial: Sending a Message to an Amazon SQS Queue from Amazon Virtual Private Cloud and was able to call the SQS from inside my EC2. But even then I could not use my Lambda function to call the SQS.

It would be very helpful if someone could actually tell me how to do the whole thing manually rather than using the CloudFormation stack, or at least tell me how to get the SQS Endpoint working.

John Rotenstein
Mehran
  • Are you getting any errors when calling send_message()? Make sure your lambda has an IAM Role attached that has permissions to send messages on the queue. – quasar May 28 '19 at 15:36

2 Answers


It appears that your situation is:

  • An Amazon VPC with an Amazon Aurora database
  • An AWS Lambda function that wants to communicate with the Aurora database AND an Amazon SQS queue

An AWS Lambda function can be configured as:

  • Connected to a subnet in a VPC, or
  • Not connected to a VPC, which means it is connected to the Internet

If you wish to have an AWS Lambda function communicate with resources inside a VPC AND the Internet, then you will need:

  • The Lambda function connected to a private subnet
  • A NAT Gateway in a public subnet
  • An Internet Gateway connected to the public subnet (it is most probably already in your VPC)

Alternatively, you can use a VPC Endpoint for SQS, which allows the Lambda function to access SQS without going to the Internet. If you are wanting to connect to multiple services (e.g. S3, SNS, SQS), it is probably easier just to use a NAT Gateway rather than creating VPC Endpoints for each service.

John Rotenstein
  • Here's the thing. I configured an SNS endpoint and an SQS endpoint. My lambda inside the VPC can invoke the SNS but NOT the SQS. So I'm really confused. – Mehran May 29 '19 at 04:53
  • Can you update your Question to show the Route Table configuration for the subnet(s) to which the Lambda function is attached? – John Rotenstein May 29 '19 at 06:01
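The answer above lists the pieces that have to line up for the VPC Endpoint route (endpoint in the right VPC, a security group on the endpoint that admits HTTPS from the Lambda function's subnets or security group, and an IAM role that may actually call `sqs:SendMessage`). The following is an added example, not code from the question or either answer: an offline checker that walks those conditions over constructed data shaped like `describe_vpc_endpoints` and `describe_security_groups` output, plus a `send_message()` helper that pins the boto3 client to the regional SQS hostname so the call resolves through the endpoint's private DNS name. Every identifier (`vpc-0exampleaaaa`, `sg-0lambda`, the queue ARN, the CIDRs) is a constructed sample value, and the endpoint-DNS explanation in the finding text is the general behaviour of Interface endpoints, not a diagnosis of the asker's account.

```python
"""Offline checker for a VPC-attached Lambda reaching SQS via an Interface VPC
Endpoint. All AWS-looking identifiers and API responses below are constructed
sample data, not a real account."""
import ipaddress
from fnmatch import fnmatch

HTTPS = 443


def find_sqs_endpoint(endpoints, region, vpc_id):
    """Return the Interface endpoint for SQS in this VPC, or None."""
    service = f"com.amazonaws.{region}.sqs"
    for ep in endpoints:
        if (ep.get("ServiceName") == service
                and ep.get("VpcEndpointType") == "Interface"
                and ep.get("VpcId") == vpc_id):
            return ep
    return None


def _covers_port(perm, port):
    """True if one IpPermissions entry admits TCP traffic on `port`."""
    if perm.get("IpProtocol") == "-1":          # "all traffic" rule
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def sg_allows_inbound(sg, port, source_sg_ids, source_cidrs):
    """True if any ingress rule on `sg` admits `port` from one of the caller's
    security groups or from a CIDR that contains the caller's subnets."""
    for perm in sg.get("IpPermissions", []):
        if not _covers_port(perm, port):
            continue
        if any(p.get("GroupId") in source_sg_ids
               for p in perm.get("UserIdGroupPairs", [])):
            return True
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"])
            if any(ipaddress.ip_network(c).subnet_of(net) for c in source_cidrs):
                return True
    return False


def policy_allows(policy, action, resource_arn):
    """True if an identity policy has an Allow statement matching `action` on
    `resource_arn` (wildcards honoured; explicit Deny not modelled here)."""
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        actions, resources = st.get("Action", []), st.get("Resource", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        if (any(fnmatch(action, a) for a in actions)
                and any(fnmatch(resource_arn, r) for r in resources)):
            return True
    return False


def diagnose(region, vpc_id, lam, endpoints, sgs, role_policy, queue_arn):
    """Return the reasons a VPC-attached Lambda would fail to reach SQS over an
    Interface endpoint; an empty list means none of these checks fired."""
    findings = []
    ep = find_sqs_endpoint(endpoints, region, vpc_id)
    if ep is None:
        findings.append(f"no Interface endpoint for com.amazonaws.{region}.sqs in {vpc_id}")
    else:
        if not ep.get("PrivateDnsEnabled"):
            findings.append("endpoint private DNS is off: the SDK's default "
                            "sqs.<region>.amazonaws.com name resolves to public "
                            "IPs, which a private subnet without NAT cannot reach; "
                            "enable private DNS or pass endpoint_url")
        sg_by_id = {g["GroupId"]: g for g in sgs}
        ep_sgs = [sg_by_id[g["GroupId"]] for g in ep.get("Groups", []) if g["GroupId"] in sg_by_id]
        if not any(sg_allows_inbound(sg, HTTPS, lam["SecurityGroupIds"], lam["SubnetCidrs"])
                   for sg in ep_sgs):
            findings.append("no endpoint security group admits TCP 443 from the "
                            "Lambda security group or subnet CIDRs")
    if not policy_allows(role_policy, "sqs:SendMessage", queue_arn):
        findings.append(f"Lambda role lacks sqs:SendMessage on {queue_arn}")
    return findings


def send_via_endpoint(queue_url, body, region):
    """send_message() with the client pinned to the regional SQS hostname, so the
    request targets the endpoint's private DNS name rather than whatever default
    the SDK has for the region. Needs boto3 and real credentials; not run here."""
    import boto3
    sqs = boto3.client("sqs", region_name=region,
                       endpoint_url=f"https://sqs.{region}.amazonaws.com")
    return sqs.send_message(QueueUrl=queue_url, MessageBody=body)["MessageId"]


# Constructed scenario: an SQS endpoint copied from the EC2 tutorial (its security
# group only admits the EC2 instance's group), private DNS off, role only for SNS.
REGION, VPC = "us-east-1", "vpc-0exampleaaaa"
LAMBDA_CFG = {"SecurityGroupIds": ["sg-0lambda"], "SubnetCidrs": ["10.0.1.0/24", "10.0.2.0/24"]}
ENDPOINTS = [{"ServiceName": "com.amazonaws.us-east-1.sqs", "VpcEndpointType": "Interface",
              "VpcId": VPC, "PrivateDnsEnabled": False, "Groups": [{"GroupId": "sg-0endpoint"}]}]
SGS = [{"GroupId": "sg-0endpoint", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443,
        "ToPort": 443, "UserIdGroupPairs": [{"GroupId": "sg-0ec2"}], "IpRanges": []}]}]
ROLE_POLICY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["sns:Publish"], "Resource": "*"}]}
QUEUE_ARN = "arn:aws:sqs:us-east-1:123456789012:example-queue"

if __name__ == "__main__":
    for finding in diagnose(REGION, VPC, LAMBDA_CFG, ENDPOINTS, SGS, ROLE_POLICY, QUEUE_ARN):
        print("-", finding)
```

Run against real data by feeding `diagnose()` the `VpcEndpoints` list from `describe_vpc_endpoints`, the `SecurityGroups` list from `describe_security_groups`, and the role's inline or attached policy document; the three findings printed for the sample scenario are the three things the answers above say must be in place. The `policy_allows()` check is deliberately a least-privilege check on one queue ARN rather than `sqs:*` on `*`.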

You either need to add a VPC Endpoint for SQS to your VPC, or place the Lambda function in subnets with a route to a NAT Gateway.

Mark B
  • I added a VPC endpoint for SQS. Then I added the Subnet/Security Group associated with that endpoint in my Lambda function (along with all the others). Didn't work. – Mehran May 28 '19 at 16:45
  • Were you able to figure this out? What was the config change? – Abhi Nov 08 '19 at 16:54
  • No @Abhi, I wasn't able to understand why I couldn't access with SQS but with SNS. But since SNS was working I moved forward with using SNS for this scenario. – Mehran Nov 23 '19 at 06:30