0

Okay, I have written an AWS Lambda function which pulls data from an API and inserts the data into a DocumentDB database. When I connect to my cluster from the shell and run my python script it works just fine and inserts the data no problem.

But, when I implement the same logic into a lambda function is does not work. Below is an example of what would work in the shell but not through a Lambda function.

import urllib3
import json
import certifi
import pymongo
from pymongo import MongoClient


# Make our connection to the DocumentDB cluster
# (Here I use the DocumentDB URI)
client = MongoClient('mongodb://admin_name_here:<insertYourPassword>my_docdb_cluster/?ssl=true&ssl_ca_certs=rds-combined-ca-bundle.pem&retryWrites=false')

# Specify the database to use
db = client.my_db

# Specify the collection to use
col = db.my_col


col.insert_one({"name": "abcdefg"})

The above works just fine in the shell but when run in Lambda I get the following error:

[ERROR] ServerSelectionTimeoutError: my_docdb_cluster timed out, Timeout: 30s, Topology Description: <TopologyDescription id: ***********, topology_type: ReplicaSetNoPrimary, servers: [<ServerDescription (my_docdb_cluster) server_type: Unknown, rtt: None, error=NetworkTimeout(my_docdb_cluster timed out')>]>

From my understanding, this error is telling me that the replica set has no primary. But, that is not true there definitely is a primary in my replica set. Does anyone know what could be the problem here?

KoalaKey
  • 252
  • 3
  • 11
  • The timeout suggests a networking issue. Is the cluster in a VPC, and if so, is the Lambda running in the VPC as well, with appropriate network access? – Jason Wadsworth Dec 08 '20 at 21:56
  • Yes, I did check the VPC configurations. Both the Cluster and the Lambda function are running in the same VPC. The cluster allows Custom TCP on port 27017. and inherits from another security group that allows SSH TCP access on port 22 from my IP address. Should that security group also be allowing All Traffic in this case? – KoalaKey Dec 08 '20 at 22:18
  • You almost never want to allow all access in a security group. The ideal setup here would be that the lambda has a security group and the cluster has a security group, and the cluster's security group allows access from the lambda's security group for the port(s) required. – Jason Wadsworth Dec 08 '20 at 22:21
  • Okay, I got it working now Thank you! Now I just need to get my Lambda Handler working lol. Thanks for all the help! – KoalaKey Dec 08 '20 at 22:59
  • Hey I am stuck on same thing, how did you get it fixed? My question is here https://stackoverflow.com/questions/65222660/connecting-to-documentdb-from-aws-lambda-using-python – WK123 Dec 09 '20 at 18:23

0 Answers0