I created a Lambda function for the Laravel framework to run its jobs in it. However, when the jobs are running I face this error on Lambda:
[2024-08-05 11:31:49] staging.ERROR: Error executing "DeleteMessage" on "https://sqs.us-east-2.amazonaws.com/lambda-jobs-staging"; AWS HTTP error: cURL error 28: Failed to connect to sqs.us-east-2.amazonaws.com port 443 after 15495 ms: Could not connect to server (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://sqs.us-east-2.amazonaws.com/lambda-jobs-staging {"exception":"[object] (Aws\\Sqs\\Exception\\SqsException(code: 0): Error executing \"DeleteMessage\" on \"https://sqs.us-east-2.amazonaws.com/lambda-jobs-staging\"; AWS HTTP error: cURL error 28: Failed to connect to sqs.us-east-2.amazonaws.com port 443 after 15495 ms: Could not connect to server (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://sqs.us-east-2.amazonaws.com/lambda-jobs-staging at /var/task/vendor/aws/aws-sdk-php/src/WrappedHttpHandler.php:195)
This is while the role used for the Lambda function has full access to SQS:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "sqs:ReceiveMessage",
                    "sqs:DeleteMessage",
                    "sqs:GetQueueAttributes",
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents"
                ],
                "Resource": "*"
            }
        ]
    }

Can you suggest a solution for this?
It is also unusual to me that the URL that the AWS SDK is trying to access is https://sqs.us-east-2.amazonaws.com/my-jobs-staging
while I thought the URL should include the account ID. This is while I set the correct env vars for the Laravel configuration.

    'sqs' => [
        'driver' => 'sqs',
        'key' => env('AWS_ACCESS_KEY_ID'),
        'secret' => env('AWS_SECRET_ACCESS_KEY'),
        'prefix' => env('SQS_PREFIX', 'https://sqs.us-east-1.amazonaws.com/xxxxxxxx'),
        'queue' => env('SQS_QUEUE', 'low'),
        'suffix' => env('SQS_SUFFIX'),
        'region' => env('AWS_DEFAULT_REGION', 'us-east-1'),
    ],

Might the PHP AWS SDK behave differently inside a Lambda function?
The error message says: Could not connect to server
This means that the AWS Lambda function is unable to reach the Amazon SQS API endpoints. Most likely, your Lambda function is connected to a VPC and there is no NAT Gateway. This means it is unable to communicate with Amazon SQS.
If the Lambda function does not need to communicate with any resources inside the VPC, then the easiest solution is to disconnect the Lambda function from the VPC. This will automatically give it access to the Internet.
However, if the Lambda function requires access to other resources in the VPC, then you will need to add a VPC Endpoint for SQS into the VPC. This will provide a direct connection between the VPC and the Amazon SQS API endpoints.
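
The diagnosis in the answer above, written as a check you can run over exported configuration (an added example, not part of the original question or answer). It assumes input dicts shaped like the output of `aws lambda get-function-configuration`, `aws ec2 describe-route-tables` and `aws ec2 describe-vpc-endpoints`; the function name `sqs_path` and all IDs are made up for illustration, and it does not check the endpoint's security group rules.

```python
# Added example. Inputs are dicts shaped like the output of
# `aws lambda get-function-configuration`, `aws ec2 describe-route-tables`
# and `aws ec2 describe-vpc-endpoints`; all sample values are constructed.

def route_table_for(subnet_id, tables):
    """Explicitly associated route table, else the VPC's main table."""
    main = None
    for rt in tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def has_nat_default_route(rt):
    # A default route to an internet gateway does not count: Lambda network
    # interfaces get no public IP, so only a NAT route gives outbound access.
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("NatGatewayId") and r.get("State") == "active"
               for r in (rt or {}).get("Routes", []))

def sqs_path(function_cfg, route_tables, vpc_endpoints, region):
    """Return 'internet', 'vpc-endpoint', 'nat' or 'none'."""
    vpc = function_cfg.get("VpcConfig") or {}
    subnets = vpc.get("SubnetIds") or []
    if not subnets:
        return "internet"  # not attached to a VPC
    for ep in vpc_endpoints:
        if (ep.get("VpcId") == vpc.get("VpcId")
                and ep.get("ServiceName") == f"com.amazonaws.{region}.sqs"
                and ep.get("State", "").lower() == "available"
                and ep.get("PrivateDnsEnabled")):  # SDK uses the default hostname
            return "vpc-endpoint"
    tables = [rt for rt in route_tables if rt.get("VpcId") == vpc.get("VpcId")]
    if all(has_nat_default_route(route_table_for(s, tables)) for s in subnets):
        return "nat"
    return "none"

FUNCTION = {"VpcConfig": {"VpcId": "vpc-0example", "SubnetIds": ["subnet-0a"]}}
IGW_ONLY = [{"VpcId": "vpc-0example", "Associations": [{"Main": True}],
             "Routes": [{"DestinationCidrBlock": "0.0.0.0/0",
                         "GatewayId": "igw-0example", "State": "active"}]}]
SQS_ENDPOINT = {"VpcId": "vpc-0example", "State": "available",
                "ServiceName": "com.amazonaws.us-east-2.sqs",
                "PrivateDnsEnabled": True}

if __name__ == "__main__":
    print(sqs_path(FUNCTION, IGW_ONLY, [], "us-east-2"))              # none
    print(sqs_path(FUNCTION, IGW_ONLY, [SQS_ENDPOINT], "us-east-2"))  # vpc-endpoint
```

A result of `none` corresponds to the connect timeout in the question: the function is attached to a VPC with neither a NAT route nor an SQS interface endpoint.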