
Context

I have an EC2 that I want to communicate with, inside a VPC in AccountID: host. I have a Lambda in AccountID: client that I want to connect with this instance.

I am trying to set up a peering between the two, but I'm having issues.

In development, I am able to launch the Lambda from within a VPN that is connected to the instance and the Lambda is able to perform its task (so I am sure the function is correct).

Setup

AccountID: host

  • peering connection: pcx-peer
  • EC2 Private IPv4: e.e.e.e
  • Accepter (host) CIDR: e.e.0.0/16
  • EDIT: Security Group (inbound): {Type: All TCP, Port-range: 0-65535, Source: c.c.c.c/18}
  • EDIT: Security Group (outbound): All traffic

AccountID: client

  • VPC: vpc-client
  • VPC IPv4 CIDR: c.c.c.c/18
  • peering connection: pcx-peer
  • Requester (client) CIDR: c.c.c.c/18
  • Route table: rtb-client
  • Private subnets (rtb-client): subnet-private1, subnet-private2, subnet-private3
  • Security Group: sg-lambda

Procedure:

  • I created and accepted a peering (different accounts and same region) according to the documentation.
  • I edited the route tables from both accounts to point to the other:
    • AccountID: host > pcx-peer > Route tables > rtb-host > Routes >:
      • Destination (e.e.0.0/16) Target (local)
      • Destination (c.c.c.c/18) Target (pcx-peer)
    • AccountID: client > pcx-peer > Route tables > rtb-client > Routes >:
      • Destination (e.e.0.0/16) Target (pcx-peer)
      • Destination (c.c.c.c/18) Target (local)
  • I created the Lambda and Configuration > VPC:
    • vpc: vpc-client
    • subnets: subnet-private1, subnet-private2, subnet-private3
    • security groups: sg-lambda => Inbound X, Outbound All traffic 0.0.0.0/0
  • To eliminate any permission restrictions my Lambda has all the permissions enabled

EDIT

  • I created a Security Group entry with permission on all TCP ports, even though I am sure the instance requires only access on 5432

Working

  • When using the reachability analyzer on AccountID: host, the peering connection has access to the EC2 instance on the correct port.
  • If I launch my Lambda inside the same VPC as the EC2 it executes correctly.

Help

Any help is much appreciated,

Kmelow
  • Can you expand upon what you mean by "I'm having issues"? Are you saying that the Lambda function is unable to access the EC2 instance? What happens? Also, what type of connection are you attempting -- SSH, HTTP, FTP? What is the configuration of the Security Group on **both** the Lambda function and the EC2 instance? – John Rotenstein Feb 14 '23 at 11:32
  • There's a database on the EC2 and when I attempt to connect I get a timeout. – Kmelow Feb 14 '23 at 15:58
  • Timeouts are mostly caused by Security Group configurations. Please Edit your question and include the configuration of the Security Group associated with the Amazon EC2 instance. – John Rotenstein Feb 14 '23 at 23:00
  • Indeed, I didn't have an entry in the security group for the `client` VPC. But, even after creating one with full TCP access I still have the timeout. – Kmelow Feb 20 '23 at 10:49
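The checklist behind a peering timeout like the one described above can be written down as code. The following is an added example, not code from the question or the comments: an offline checker that walks the same three conditions a practitioner verifies by hand (the Lambda subnet's route table sends the EC2 address to the peering connection, the EC2 subnet's route table sends the Lambda address back through it, and the instance security group admits the port from the Lambda's address). It works over constructed dictionaries shaped like trimmed `describe-route-tables` and `describe-security-groups` output, so it needs no AWS credentials. The CIDRs (10.1.0.0/18 and 10.2.0.0/16 standing in for c.c.c.c/18 and e.e.0.0/16), the IPs, `sg-ec2`, `rtb-host-main`, `subnet-host-app` and `subnet-host-db` are all placeholders I chose; they are not the asker's identifiers. The one AWS rule the checker encodes is that a subnet with no explicit route-table association uses its VPC's main route table; the sample data deliberately puts the hypothetical `subnet-host-db` in that position so the return-route check has something to report.

```python
"""Offline checker for a cross-account VPC peering path, Lambda ENI -> EC2 listener.
All data below is constructed sample data; nothing is read from AWS."""
import ipaddress

# --- Constructed placeholders (not the asker's real CIDRs or IDs) ---
CLIENT_CIDR = "10.1.0.0/18"   # stands in for c.c.c.c/18 (requester / Lambda side)
HOST_CIDR = "10.2.0.0/16"     # stands in for e.e.0.0/16 (accepter / EC2 side)
EC2_IP = "10.2.4.10"          # stands in for e.e.e.e
LAMBDA_IP = "10.1.3.25"       # an address a Lambda ENI could receive in subnet-private1
PCX = "pcx-peer"
DB_PORT = 5432

# Shaped like `aws ec2 describe-route-tables`, trimmed to the fields used here.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-client", "VpcId": "vpc-client",
     "Associations": [{"SubnetId": "subnet-private1"}, {"SubnetId": "subnet-private2"},
                      {"SubnetId": "subnet-private3"}],
     "Routes": [{"DestinationCidrBlock": CLIENT_CIDR, "GatewayId": "local"},
                {"DestinationCidrBlock": HOST_CIDR, "VpcPeeringConnectionId": PCX}]},
    {"RouteTableId": "rtb-host", "VpcId": "vpc-host",
     "Associations": [{"SubnetId": "subnet-host-app"}],   # hypothetical subnet
     "Routes": [{"DestinationCidrBlock": HOST_CIDR, "GatewayId": "local"},
                {"DestinationCidrBlock": CLIENT_CIDR, "VpcPeeringConnectionId": PCX}]},
    # Hypothetical main table of the host VPC: it carries no peering route. Any host
    # subnet without an explicit association (subnet-host-db below) falls back to it.
    {"RouteTableId": "rtb-host-main", "VpcId": "vpc-host",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": HOST_CIDR, "GatewayId": "local"}]},
]
SUBNET_VPC = {"subnet-private1": "vpc-client", "subnet-private2": "vpc-client",
              "subnet-private3": "vpc-client", "subnet-host-app": "vpc-host",
              "subnet-host-db": "vpc-host"}

# Shaped like `aws ec2 describe-security-groups`; mirrors the question's edited rule
# (all TCP from the client CIDR) on a hypothetical instance group sg-ec2.
SECURITY_GROUPS = {
    "sg-ec2": {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                                  "IpRanges": [{"CidrIp": CLIENT_CIDR}]}]},
}


def route_table_for(subnet_id):
    """An explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in ROUTE_TABLES:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main") and rt["VpcId"] == SUBNET_VPC.get(subnet_id):
                main = rt
    return main


def next_hop(rt, dst_ip):
    """Longest-prefix match over the table's routes; returns the target id or None."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for r in rt["Routes"]:
        net = ipaddress.ip_network(r["DestinationCidrBlock"])
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, r.get("VpcPeeringConnectionId") or r.get("GatewayId"))
    return best[1] if best else None


def sg_allows(sg, proto, port, src_ip):
    """True if any inbound rule admits proto/port from src_ip ("-1" means all traffic)."""
    ip = ipaddress.ip_address(src_ip)
    for perm in sg["IpPermissions"]:
        if perm["IpProtocol"] not in ("-1", proto):
            continue
        if perm["IpProtocol"] != "-1" and not perm["FromPort"] <= port <= perm["ToPort"]:
            continue
        if any(ip in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])):
            return True
    return False


def check_path(src_subnet, src_ip, dst_subnet, dst_ip, dst_sg, port):
    """Return a list of findings; an empty list means all three conditions hold."""
    findings = []
    fwd = route_table_for(src_subnet)
    if fwd is None or next_hop(fwd, dst_ip) != PCX:
        name = fwd["RouteTableId"] if fwd else "no route table"
        findings.append(f"{src_subnet} ({name}): no route to {dst_ip} via {PCX}")
    back = route_table_for(dst_subnet)
    if back is None or next_hop(back, src_ip) != PCX:
        name = back["RouteTableId"] if back else "no route table"
        findings.append(f"{dst_subnet} ({name}): no return route to {src_ip} via {PCX}")
    if not sg_allows(SECURITY_GROUPS[dst_sg], "tcp", port, src_ip):
        findings.append(f"{dst_sg}: inbound tcp/{port} from {src_ip} not allowed")
    return findings


if __name__ == "__main__":
    for dst in ("subnet-host-app", "subnet-host-db"):
        print(dst, check_path("subnet-private1", LAMBDA_IP, dst, EC2_IP, "sg-ec2", DB_PORT))
```

Feeding the checker the real `describe-route-tables` and `describe-security-groups` JSON from both accounts, with the subnet IDs of the Lambda ENIs (visible in the Lambda's VPC configuration) and of the instance, turns the manual checklist into one repeatable run. Two conditions the block does not model are worth checking alongside it: network ACLs are stateless, so the host subnet's ACL must allow the ephemeral return ports outbound, and a security group rule that references a group ID rather than a CIDR only matches traffic from ENIs in that group, which a Lambda in another account's VPC never is.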
