I am struggling to enable an AWS lambda to send HTTPS POST requests to an AWS elastic beanstalk service. The elastic beanstalk provides web and web services and works nicely. The lambda is doing some calculations with AWS elasticache (works well) and then decides whether to send an HTTPS POST to the beanstalk URL.
The lambda is written with node.js. About 2 minutes after the POST attempt I am getting this timeout:
[Error: connect ETIMEDOUT X.Y.Z.W:443] code: 'ETIMEDOUT', errno: 'ETIMEDOUT', syscall: 'connect', address: 'X.Y.Z.W', port: 443
I see no indication of a request in the elastic bean nginx access log.
So my understanding is that the security groups are not set correctly.
I ruled out the option that the elastic beanstalk prevents such connections - The lambda is using a url with an external domain name that can be used from any browser and that works fine.
So I am left with the conclusion that the lambda security prevents this connection. So - I opened up the lambda security group completely to "All traffic" from anywhere - and I still get this problem.
Any ideas?
You are running your Lambda function within your VPC, which is required to access your ElastiCache servers. However once you place a Lambda function into a VPC it no longer has access to anything outside the VPC. You are trying to hit the Elastic Beanstalk server via a public (Internet) address, which the Lambda function does not have access to. Thus you are getting network connection timeouts.
You need to configure your Lambda function to access the service via an internal VPC address. And you need to configure your Elastic Beanstalk Security Group to allow access from the Lambda Security Group (if you haven't already).
Alternatively, you could add a NAT Gateway to your VPC, which would give your Lambda function access to resources outside the VPC.
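An added example, not part of the answer above: a Node.js check that classifies the outbound path of each subnet a VPC-attached Lambda uses. It assumes route table data shaped like the EC2 DescribeRouteTables response; all IDs are constructed, and the function names are hypothetical. It relies on the fact that Lambda network interfaces in a VPC get no public IP, so a default route to an internet gateway still ends in a connect timeout.

```javascript
// Constructed sample shaped like EC2 DescribeRouteTables output (IDs are made up).
const sampleRouteTables = [
  { RouteTableId: "rtb-main",
    Associations: [{ Main: true }],
    Routes: [{ DestinationCidrBlock: "10.0.0.0/16", GatewayId: "local", State: "active" }] },
  { RouteTableId: "rtb-public",
    Associations: [{ SubnetId: "subnet-public" }],
    Routes: [
      { DestinationCidrBlock: "10.0.0.0/16", GatewayId: "local", State: "active" },
      { DestinationCidrBlock: "0.0.0.0/0", GatewayId: "igw-0example", State: "active" }] },
  { RouteTableId: "rtb-private",
    Associations: [{ SubnetId: "subnet-private" }],
    Routes: [
      { DestinationCidrBlock: "10.0.0.0/16", GatewayId: "local", State: "active" },
      { DestinationCidrBlock: "0.0.0.0/0", NatGatewayId: "nat-0example", State: "active" }] },
];

// A subnet uses its explicitly associated route table, else the VPC's main one.
function routeTableFor(subnetId, routeTables) {
  const has = (rt, pred) => (rt.Associations || []).some(pred);
  return routeTables.find((rt) => has(rt, (a) => a.SubnetId === subnetId)) ||
         routeTables.find((rt) => has(rt, (a) => a.Main === true)) || null;
}

// Classify where traffic to a public address goes from this subnet.
function classifyEgress(subnetId, routeTables) {
  const rt = routeTableFor(subnetId, routeTables);
  const def = rt && (rt.Routes || []).find((r) => r.DestinationCidrBlock === "0.0.0.0/0");
  if (!def) return "no-default-route";            // only VPC-internal addresses reachable
  if (def.State === "blackhole") return "blackhole"; // target was deleted
  if (def.NatGatewayId) return "nat";             // public endpoints reachable
  if ((def.GatewayId || "").startsWith("igw-")) return "igw-without-public-ip";
  return "other";                                 // e.g. NAT instance: review by hand
}

// One row per Lambda subnet; publicReachable is true only for a NAT gateway route.
function lambdaEgressReport(subnetIds, routeTables) {
  return subnetIds.map((id) => {
    const egress = classifyEgress(id, routeTables);
    return { subnetId: id, egress, publicReachable: egress === "nat" };
  });
}

console.log(lambdaEgressReport(
  ["subnet-private", "subnet-public", "subnet-unassociated"], sampleRouteTables));
```

Any subnet reported as anything other than `nat` will time out on the public Beanstalk URL, whatever the Lambda security group allows.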