In order to allow queries in AWS Athena to an RDS PostgreSQL DB in the same AWS account, I have followed this guide to set up Athena Federated Query with a Lambda Connector.

The connector works just fine. Now, there is a security group which the newly created lambda function and the target RDS DB are both associated with. The inbound rules of this security group allow any source to send requests to port 5432 (default Postgres port):

If I drop these rules, Athena queries for this data source fail (Failed to invoke lambda function due to com.amazonaws.services.lambda.invoke.LambdaFunctionException: 0: org.postgresql.util.PSQLException: The connection attempt failed.). Is there a way to make these inbound rules less permissive while keeping the Lambda connector intact?

nichoio
  • I'm slightly confused because [this SO question](https://stackoverflow.com/questions/35468388/aws-security-group-inbound-rule-allow-lambda-function) suggests that adding the Lambda function's SG as an inbound rule should solve the problem. But for me it doesn't. – nichoio Oct 26 '22 at 09:33
  • "that didn't work" - is not specific. What exactly did you do? What errors did you get? – Marcin Oct 26 '22 at 09:53
  • @Marcin I have answered the question myself and edited the question. Adding SG itself worked at the 2nd attempt. Idk what happened before, rule not immediately applied maybe. Case closed. – nichoio Oct 26 '22 at 10:24

1 Answer

I solved the problem by dropping the 2 existing inbound rules and instead adding the security group itself with port 5432 as an inbound rule. See also this question, which addresses the problem of allowing inbound traffic with Lambda as the source.

nichoio
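
The rule change described in the answer, as an added example that is not part of the original post: it takes a security group in the shape returned by EC2 `DescribeSecurityGroups`, finds the world-open rules covering port 5432, and builds the arguments for boto3's `authorize_security_group_ingress` and `revoke_security_group_ingress`. The group ID and the two open rules (IPv4 and IPv6) are constructed assumptions, and the function names are hypothetical.

```python
# Added example: plan the self-referencing rule swap; all IDs and rules are constructed.
PG_PORT = 5432
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def covers_port(perm, port=PG_PORT):
    """True if the permission's protocol and port range include the port."""
    if perm.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))

def open_rules(group, port=PG_PORT):
    """Revoke-ready permissions holding only the world-open ranges on the port."""
    found = []
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        v4 = [{"CidrIp": r["CidrIp"]} for r in perm.get("IpRanges", [])
              if r.get("CidrIp") in OPEN_CIDRS]
        v6 = [{"CidrIpv6": r["CidrIpv6"]} for r in perm.get("Ipv6Ranges", [])
              if r.get("CidrIpv6") in OPEN_CIDRS]
        entry = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
        if v4:
            entry["IpRanges"] = v4
        if v6:
            entry["Ipv6Ranges"] = v6
        if v4 or v6:
            found.append(entry)
    return found

def plan(group, port=PG_PORT):
    """Keyword arguments for the authorize and revoke ingress calls."""
    gid = group["GroupId"]
    self_rule = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                 "UserIdGroupPairs": [{"GroupId": gid}]}  # source = the group itself
    return {"authorize": {"GroupId": gid, "IpPermissions": [self_rule]},
            "revoke": {"GroupId": gid, "IpPermissions": open_rules(group, port)}}

# Constructed sample: one group attached to both the Lambda connector and the RDS DB.
SAMPLE_GROUP = {"GroupId": "sg-0123456789abcdef0", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}

if __name__ == "__main__":
    import json
    print(json.dumps(plan(SAMPLE_GROUP), indent=2))
    # With boto3, authorize first so the connector keeps access, then revoke:
    #   ec2.authorize_security_group_ingress(**plan(group)["authorize"])
    #   ec2.revoke_security_group_ingress(**plan(group)["revoke"])
```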