I have a CloudWatch Events Rule that periodically invokes an AWS Lambda. This Lambda attempts to pull a message from an AWS SQS queue using the receiveMessage SDK method. Then, if there is a message, it invokes an AWS Step Function. This process works when invoked locally. However, when CloudWatch triggers it, I receive the error "Client network socket disconnected before secure TLS connection was established". See my code below:
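const AWS = require('aws-sdk')

module.exports.triggerStepFunction = () => {
  let sqs = new AWS.SQS({apiVersion: '2012-11-05'})
  // Request at most one message, with all system and message attributes
  let params = {
    QueueUrl: 'my_endpoint',
    AttributeNames: [
      'All'
    ],
    MessageAttributeNames: [
      'All'
    ],
    MaxNumberOfMessages: 1,
    ReceiveRequestAttemptId: Date.now().toString(),
    VisibilityTimeout: 10,
    WaitTimeSeconds: 6
  }
  // The values returned inside this callback go to the SDK, not to the
  // caller of triggerStepFunction, which itself returns undefined
  sqs.receiveMessage(params, function(err, receiveMessageData) {
    if (err) {
      return err
    } else {
      return receiveMessageData
    }
  })
}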
What is happening and how do I fix it?
It looks like the solution was to create a new IAM role with proper permissions and attach that to the Lambda. I'm using Serverless, so I added the following to my serverless.yml file and attached it to the Lambda:
resources:
  Resources:
    SQSLambdaRole:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service: lambda.amazonaws.com
              Action:
                - sts:AssumeRole
        Path: '/'
        Policies:
          - PolicyName: logs
            PolicyDocument:
              Statement:
                - Effect: Allow
                  Action:
                    - logs:CreateLogGroup
                    - logs:CreateLogStream
                    - logs:PutLogEvents
                  Resource: arn:aws:logs:*:*:*
          - PolicyName: sqs
            PolicyDocument:
              Statement:
                - Effect: Allow
                  Action:
                    - sqs:ReceiveMessage
                    - sqs:SendMessage
                    - sqs:DeleteMessage
                  Resource: <MY_SQS_RESOURCE_ARN>
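
An added example, not part of the original post: a small check that compares a role's inline policies with the actions a handler calls, run here over the role above. The REQUIRED list, the function names and the queue ARN are assumptions made for illustration; the check reads only the Action and Resource of Allow statements and ignores Deny, NotAction and Condition.

```javascript
// Inline policies transcribed from the role in the answer above.
// The queue ARN is a constructed placeholder for <MY_SQS_RESOURCE_ARN>.
const ROLE_POLICIES = [
  { PolicyName: 'logs', PolicyDocument: { Statement: [{
    Effect: 'Allow',
    Action: ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'],
    Resource: 'arn:aws:logs:*:*:*' }] } },
  { PolicyName: 'sqs', PolicyDocument: { Statement: [{
    Effect: 'Allow',
    Action: ['sqs:ReceiveMessage', 'sqs:SendMessage', 'sqs:DeleteMessage'],
    Resource: 'arn:aws:sqs:us-east-1:111122223333:example-queue' }] } },
];

// Assumption: what the function in the question needs (logging, one SQS read,
// starting a Step Functions execution). Adjust to the calls your handler makes.
const REQUIRED = ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents',
  'sqs:ReceiveMessage', 'states:StartExecution'];

const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM action patterns are case-insensitive and allow '*' and '?' wildcards.
function actionMatches(pattern, action) {
  const body = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp(`^${body}$`, 'i').test(action);
}

function auditRole(policies, required) {
  const allows = policies.flatMap((p) => asList(p.PolicyDocument.Statement)
    .filter((s) => s.Effect === 'Allow')
    .map((s) => ({ policy: p.PolicyName, actions: asList(s.Action), resources: asList(s.Resource) })));
  const granted = allows.flatMap((s) => s.actions);
  return {
    // Required calls that no Allow statement covers (these would be denied).
    missing: required.filter((a) => !granted.some((g) => actionMatches(g, a))),
    // Granted patterns that match nothing in the required list (candidates to drop).
    unused: granted.filter((g) => !required.some((a) => actionMatches(g, a))),
    // Resources that contain a wildcard, labelled with their policy name.
    wildcardResources: allows.flatMap((s) => s.resources
      .filter((r) => r.includes('*')).map((r) => `${s.policy}: ${r}`)),
  };
}

console.log(auditRole(ROLE_POLICIES, REQUIRED));
```

With the assumed REQUIRED list, the report lists states:StartExecution as missing, the two SQS write actions as unused, and the logs resource as a wildcard.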