
I have a Lambda function that consumes messages from an AWS SQS queue, and when message processing fails, Lambda is supposed to send the message back to the same queue with some delay.

The problem is that the attempt to send the message to SQS in case of processing failure leads to this error:

TimeoutError: Socket timed out without establishing a connection

I was able to fix this error by adding the following inbound rule to the security group that is linked to the Lambda function.

enter image description here

I have 2 questions:

  • Is it secure to add this rule?
  • Why do I need to add this inbound rule? Is there a way in which I can fix the timeout error without the need to add this rule? If not, then can I limit the range of allowed addresses?
Farooq Hanif
  • This has nothing to do with either Lambdas or SQS per se: it's pure TCP/IP. You have a web client (an app?) that's trying to connect to an AWS endpoint over HTTPS, and the TCP/IP connection into your AWS VPC was blocked. One solution is to define an [AWS Security group](https://docs.aws.amazon.com/vpc/latest/userguide/security-groups.html) (which it sounds like you've done). You might also consider using [Amazon API Gateway](https://aws.amazon.com/api-gateway/) – paulsm4 Aug 12 '23 at 15:47
  • Security groups track connection state. If you are allowed outbound to 443 on the SQS endpoints, then you'll also automatically allow the response. By the way, are you aware of the integration AWS / Lambda offers? https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html – erik258 Aug 12 '23 at 16:38

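The second comment's point, that security groups are stateful and an outbound allowance on 443 also covers the reply, can be checked against a group's rules. The following is an added example, not code from the original post or its commenters: it reads a security group in the shape returned by EC2 DescribeSecurityGroups, lists where the group may open TCP 443 connections, and flags inbound rules open to every address. The sample group, its id and its rules are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape returned by EC2 DescribeSecurityGroups;
# the group id and rules are illustrative, not taken from the question.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [  # inbound
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ],
    "IpPermissionsEgress": [  # outbound
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

def covers_tcp_port(rule, port):
    """True if the rule matches TCP traffic to `port` ("-1" means all protocols)."""
    if rule["IpProtocol"] == "-1":
        return True
    return (rule["IpProtocol"] == "tcp"
            and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))

def cidrs(rule):
    """All IPv4 and IPv6 CIDR blocks named by a rule."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])

def egress_https_destinations(group):
    """CIDRs the group may open TCP 443 connections to; replies need no inbound rule."""
    return [c for rule in group.get("IpPermissionsEgress", [])
            if covers_tcp_port(rule, 443) for c in cidrs(rule)]

def open_inbound_rules(group):
    """Inbound rules whose source is every address (prefix length 0)."""
    found = []
    for rule in group.get("IpPermissions", []):
        for c in cidrs(rule):
            if ipaddress.ip_network(c, strict=False).prefixlen == 0:
                found.append((rule["IpProtocol"], rule.get("FromPort"),
                              rule.get("ToPort"), c))
    return found

if __name__ == "__main__":
    print("egress 443 allowed to:", egress_https_destinations(SAMPLE_GROUP))
    print("inbound open to any source:", open_inbound_rules(SAMPLE_GROUP))
```

To run it against a real group, pass one element of the `SecurityGroups` list from a DescribeSecurityGroups response in place of `SAMPLE_GROUP`.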