Tags: amazon-web-services, aws-lambda, amazon-vpc, aws-secrets-manager

AWS Lambda with VPC interface endpoint cannot access secrets manager


I have a Lambda function running in a private VPC and need to access secrets in Secrets Manager. Here is my setup:

New VPC

  • enable_dns_support: true
  • enable_dns_hostnames: true

Lambda Function

  • subnets are from the new vpc
  • has its own security group in the new vpc

VPC Endpoint

  • vpc_id: id from new VPC
  • service_name: com.amazonaws.us-east-1.secretsmanager
  • endpoint_type: Interface
  • private_dns_enabled: true
  • subnet_ids: subnets I created in new vpc
  • security_group_ids: a security group I created for the endpoint

VPC Endpoint Security Group

  • vpc_id: id from new VPC
  • a rule to allow ingress from port 443 to port 443, TCP, with cidr_blocks set to the new vpc's cidr block

After setting this all up, my Lambda times out because Secrets Manager cannot be accessed. I removed the vpc_config from my Lambda function as a sanity check and everything works fine.

Thanks for the help.


Solution

  • Based on the comments, the issue was caused by the security group (SG) of the Lambda, not the interface endpoint. Specifically, the SG did not allow any egress traffic, which effectively blocked access to the interface endpoint.
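The corrected setup, as an added Terraform example (this is not code from the question or the answer). The resource names aws_vpc.main, aws_subnet.private and aws_iam_role.lambda are assumed to exist elsewhere in the configuration. The point it demonstrates is that an interface endpoint needs rules on both sides: an egress rule on the Lambda's SG towards the endpoint, and an ingress rule on the endpoint's SG from the Lambda. Both are scoped to the peer security group on TCP/443 rather than to the VPC CIDR or 0.0.0.0/0.

```hcl
# Added example, not the original poster's configuration.
# Assumed to exist: aws_vpc.main, aws_subnet.private (list), aws_iam_role.lambda.

data "aws_region" "current" {}

# Interface endpoint for Secrets Manager in the private subnets. With
# private_dns_enabled = true the regional name secretsmanager.<region>.amazonaws.com
# resolves to the endpoint ENIs, so the SDK inside the Lambda needs no endpoint override.
resource "aws_vpc_endpoint" "secretsmanager" {
  vpc_id              = aws_vpc.main.id
  service_name        = "com.amazonaws.${data.aws_region.current.name}.secretsmanager"
  vpc_endpoint_type   = "Interface"
  private_dns_enabled = true
  subnet_ids          = aws_subnet.private[*].id
  security_group_ids  = [aws_security_group.secretsmanager_endpoint.id]
}

# SG attached to the endpoint ENIs: accept HTTPS only from the Lambda's SG,
# not from the whole VPC CIDR as in the question.
resource "aws_security_group" "secretsmanager_endpoint" {
  name   = "secretsmanager-endpoint"
  vpc_id = aws_vpc.main.id
}

resource "aws_security_group_rule" "endpoint_ingress_from_lambda" {
  type                     = "ingress"
  security_group_id        = aws_security_group.secretsmanager_endpoint.id
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.lambda.id
}

# SG attached to the Lambda ENIs. When an aws_security_group declares no egress
# rule, the Terraform AWS provider removes the default allow-all egress that the
# console would leave in place. That is the state the answer describes: the
# Lambda could not send any packet to the endpoint, so every call timed out.
resource "aws_security_group" "lambda" {
  name   = "secrets-reader-lambda"
  vpc_id = aws_vpc.main.id
}

# The missing piece. For an egress rule the provider still uses the attribute
# name source_security_group_id; here it means the destination SG.
resource "aws_security_group_rule" "lambda_egress_to_endpoint" {
  type                     = "egress"
  security_group_id        = aws_security_group.lambda.id
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.secretsmanager_endpoint.id
}

resource "aws_lambda_function" "secrets_reader" {
  function_name = "secrets-reader"
  role          = aws_iam_role.lambda.arn # assumed role; needs secretsmanager:GetSecretValue
  handler       = "handler.main"
  runtime       = "python3.12"
  filename      = "lambda.zip"

  vpc_config {
    subnet_ids         = aws_subnet.private[*].id
    security_group_ids = [aws_security_group.lambda.id]
  }
}
```

Two things to verify after applying this: the Lambda's execution role must still be allowed to call secretsmanager:GetSecretValue (and kms:Decrypt if the secret uses a customer managed key), because the endpoint only provides the network path, and the Lambda has no route to the public internet from a private subnet, so any other AWS service it calls (for example CloudWatch Logs via the SDK, as opposed to the built-in function logging) needs its own interface endpoint and a matching egress rule.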