
AWS Lambda cannot connect to Parameter Store


I have an AWS Lambda (Java) and I am trying to run a test that retrieves a password stored in Parameter Store. Here is my piece of code:

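    import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagement;
    import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagementClientBuilder;
    import com.amazonaws.services.simplesystemsmanagement.model.GetParameterRequest;
    import com.amazonaws.services.simplesystemsmanagement.model.GetParameterResult;

    GetParameterRequest parameterRequest = new GetParameterRequest();
    AWSSimpleSystemsManagement client = AWSSimpleSystemsManagementClientBuilder.defaultClient();
    parameterRequest.withName("my-password-key")
            .setWithDecryption(true); // ask SSM to decrypt a SecureString value
    GetParameterResult parameterResult = client.getParameter(parameterRequest);
    // getValue() returns the stored value; toString() would return a dump of the whole Parameter object
    password = parameterResult.getParameter().getValue();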

The security group (and the NACL) associated with my lambda has all inbound and outbound open (any port and any IP address).

My Lambda runs inside a private subnet.

When I execute the lambda (triggered by an API Gateway event) I have the following error:

Unable to execute HTTP request: Connect to ssm.eu-central-1.amazonaws.com:443 [ssm.eu-central-1.amazonaws.com] failed: connect timed out: com.amazonaws.SdkClientException

Since the error is about a timeout error, I think it's not a role problem.

I have no idea where to look. Any help is appreciated.

Thanks.

C.C.


Solution

  • Internet access is required when calling an AWS API.

    There are two ways to give a Lambda function access to the Internet:

    • Do not attach the Lambda function to a VPC, or
    • Attach the Lambda function to a private subnet and configure the private subnet to route Internet-bound traffic through a NAT Gateway (or NAT instance) in a public subnet

    So, if the Lambda function does not need to access any resources in the VPC, simply remove it from the VPC. If it does need access, then add a NAT Gateway.
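
The routing condition this answer describes can be checked from the route table that applies to the Lambda's subnet. The following is an added example, not code from the question or the answer: it classifies the default route of a subnet from data shaped like the EC2 DescribeRouteTables response, and every subnet, route table, NAT and gateway id in the sample is constructed.

```python
DEFAULT_ROUTE = "0.0.0.0/0"

def route_table_for(subnet_id, route_tables):
    """Return the table explicitly associated with the subnet, else the VPC main table."""
    main = None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main

def egress_path(subnet_id, route_tables):
    """Classify the subnet's default route: 'nat-gateway', 'nat-instance',
    'internet-gateway', 'blackhole' or 'none'."""
    table = route_table_for(subnet_id, route_tables)
    if table is None:
        return "none"
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != DEFAULT_ROUTE:
            continue
        if route.get("State") == "blackhole":
            return "blackhole"  # target (e.g. a deleted NAT gateway) no longer exists
        if route.get("NatGatewayId"):
            return "nat-gateway"
        if route.get("InstanceId"):
            return "nat-instance"  # assumption: an instance target is a NAT instance
        if route.get("GatewayId", "").startswith("igw-"):
            # Not the NAT path from the answer: Lambda network interfaces in a
            # VPC have no public IP, so an IGW route alone gives no egress.
            return "internet-gateway"
    return "none"

# Constructed sample (not real ids): "subnet-lambda" has no explicit
# association, so it inherits the main table, which only has the local route.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-lambda-fixed"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT_ROUTE,
                        "NatGatewayId": "nat-example", "State": "active"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT_ROUTE,
                        "GatewayId": "igw-example", "State": "active"}]},
]
```

A result of `none` or `blackhole` for the function's subnet is consistent with the `connect timed out` error in the question; with live data, pass the `RouteTables` list from a DescribeRouteTables call for the VPC.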