I have two AWS lambdas, one of them deployed using Chalice, one of them deployed using Pulumi (an IaC framework similar to Terraform).
To be able to have access to Internet and make requests outside, all my AWS lambdas are attached to the same VPC, same private subnet, and same security group, as explained here, which works fine.
The lambda deployed via Chalice has all the AWS role/permissions automatically set by Chalice. It can successfully access the Internet and has Sentry error SDK logging working fine.
The lambda deployed by Pulumi has its role/permissions manually set in the IaC code. It can successfully access the Internet, as the code involves an HTTP POST request to an outside API, which started to be successful once it was attached to the VPC, private subnet and security group.
But when Sentry error logging is added to the code of the Pulumi lambda, it systematically generates timeout errors, which can be seen in the lambda response as well as in the CloudWatch logs.
After trying for hours, it seems initialisation of Sentry works, but the timeouts appear all the time whenever there is a Sentry log call. Here are the network permissions for the lambda:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:DescribeNetworkInterfaces",
        "ec2:CreateNetworkInterface",
        "ec2:DeleteNetworkInterface",
        "ec2:DescribeInstances",
        "ec2:AttachNetworkInterface",
        "ec2:DetachNetworkInterface",
        "ec2:DeleteNetworkInterface",
        "ec2:DescribeVpcs",
        "ec2:DescribeSubnets",
        "ec2:DescribeSecurityGroups"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
```
I tried to change the lambda permissions to match those of the other lambda automatically created by Chalice, with no success.
Any idea on why?
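The IAM actions in the policy above only govern the Lambda's ENI lifecycle; whether the Sentry SDK's HTTPS flush can actually reach its ingest host from the private subnet is a routing and security-group egress question. The following diagnostic is an added example, not code from the question or from either Lambda: it derives the ingest host from a DSN (the DSN value is a constructed placeholder) and runs a TCP connect probe with a hard timeout so that a hang in the Sentry transport can be separated from a general egress failure.

```python
import socket
import time
from urllib.parse import urlsplit


def ingest_endpoint(dsn: str) -> tuple:
    """Return (host, port) of the Sentry ingest endpoint named by a DSN.

    DSN shape: scheme://PUBLIC_KEY@HOST[:PORT]/PROJECT_ID
    """
    parts = urlsplit(dsn)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("not a Sentry DSN")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.hostname, port


def probe_tcp(host: str, port: int, timeout_s: float = 3.0) -> dict:
    """TCP-connect probe with a hard timeout; never raises, returns a report.

    From a private subnet, 'timeout' usually means no route to the internet
    (no NAT) or a security-group/NACL egress rule dropping the flow;
    'refused' means packets reach a host that is not listening on that port.
    """
    started = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout_s):
            outcome = "ok"
    except socket.timeout:
        outcome = "timeout"
    except ConnectionRefusedError:
        outcome = "refused"
    except OSError as exc:  # DNS failure, network unreachable, ...
        outcome = "error: " + exc.__class__.__name__
    return {"host": host, "port": port, "outcome": outcome,
            "elapsed_ms": round((time.monotonic() - started) * 1000)}


def handler(event, context):
    """Minimal Lambda entry point: probe before any Sentry call is made.

    The default DSN is a constructed placeholder, not a real project.
    """
    dsn = event.get("dsn", "https://examplePublicKey@o0.ingest.sentry.io/0")
    host, port = ingest_endpoint(dsn)
    report = probe_tcp(host, port)
    print(report)  # lands in the function's CloudWatch log stream
    return report
```

Invoke it from the same VPC, subnet and security group as the failing Lambda; a `timeout` outcome on port 443 points at egress, while an `ok` outcome followed by a hanging Sentry call points at the SDK's transport or flush behaviour.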