amazon-web-services, aws-lambda, nat

AWS Lambda - NAT Gateway internet access results in timeout


I have an AWS Lambda function which:

  • checks a Redis Elasticache instance,
  • if the item is not found in the cache, goes to Google Places API service.

The Redis instance is in a private subnet; so, to fetch it, I added the VPC and the subnet in which the instance resides. I also specified the security group which allows all the outbound traffic. The Network ACL is the default one, which is supposed to allow all the inbound and the outbound traffic.

When adding VPC to Lambda function like that via the console, it prompts:

When you enable VPC, your Lambda function will lose default internet access. If you require external internet access for your function, ensure that your security group allows outbound connections and that your VPC has a NAT gateway.

So, in the Route Table of the private subnet, I added a NAT gateway too. However, at the point where the Google Places API service call is made from the Lambda function, it is always doomed to result in a timeout.

In short, I doubt that the NAT gateway properly allows internet access of the Lambda function. How can I check what goes wrong with it?

Do NAT Gateways log the calls or the call attempts being tried through it somehow in CloudWatch etc.?


Solution

  • The following steps are required:

    1. An IAM role with full VPC permission assigned to your Lambda function.
    2. A VPC with a public and a private subnet.
    3. While creating a NAT Gateway: a) the subnet has to be a public subnet; b) Elastic IP: create a new one or allocate one.
    4. Create the route table and add another route with the target as the NAT gateway we created above. Your Lambda should be happy now.
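
An offline check of the routing described in the answer above, as an added example that is not part of the original question or answer: it walks data shaped like EC2 `DescribeRouteTables` and `DescribeNatGateways` responses and reports where the path from the Lambda subnet to the internet breaks. The function names and all IDs are constructed for illustration.

```python
# Added example: input dicts follow the shape of EC2 DescribeRouteTables /
# DescribeNatGateways responses; every ID below is a constructed sample value.

def default_route(subnet_id, route_tables):
    """Return the active 0.0.0.0/0 route that applies to subnet_id, or None."""
    explicit = main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                explicit = rt
            elif assoc.get("Main"):
                main = rt
    table = explicit or main  # no explicit association: the main table applies
    for route in (table or {}).get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0" and route.get("State") == "active":
            return route
    return None

def diagnose(lambda_subnet, route_tables, nat_gateways):
    """Return a list of findings; an empty list means the path looks correct."""
    route = default_route(lambda_subnet, route_tables)
    if route is None:
        return [f"{lambda_subnet}: no active 0.0.0.0/0 route"]
    nat_id = route.get("NatGatewayId")
    if not nat_id:
        return [f"{lambda_subnet}: default route does not target a NAT gateway"]
    nat = next((n for n in nat_gateways if n["NatGatewayId"] == nat_id), None)
    if nat is None or nat.get("State") != "available":
        return [f"{nat_id}: NAT gateway missing or not in 'available' state"]
    nat_route = default_route(nat["SubnetId"], route_tables)
    if nat_route is None or not nat_route.get("GatewayId", "").startswith("igw-"):
        return [f"{nat_id}: subnet {nat['SubnetId']} has no internet gateway route (not a public subnet)"]
    return []

# Constructed sample: one public and one private subnet, as in step 2.
IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa", "State": "active"}
VIA_NAT = {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0bbb", "State": "active"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}], "Routes": [IGW]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private"}], "Routes": [VIA_NAT]},
]
GOOD_NAT = [{"NatGatewayId": "nat-0bbb", "SubnetId": "subnet-public", "State": "available"}]
BAD_NAT = [{"NatGatewayId": "nat-0bbb", "SubnetId": "subnet-private", "State": "available"}]

if __name__ == "__main__":
    print(diagnose("subnet-private", ROUTE_TABLES, GOOD_NAT))  # NAT in the public subnet
    print(diagnose("subnet-private", ROUTE_TABLES, BAD_NAT))   # NAT placed in the private subnet
```

`BAD_NAT` models a NAT gateway created in the private subnet, the case step 3 rules out: the Lambda subnet's default route is present, but the NAT gateway itself has no path to an internet gateway.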