Connect Lambda to Elasticache using Serverless framework
I'm trying to access an AWS ElastiCache cluster from a Lambda function using the Serverless framework (v 0.5.6) without losing access to DynamoDB. I have tried using this Gist with no luck. Inside the Lambda function, the first thing I do is connect to the Redis instance, but I keep getting timeouts. I have double-checked the CloudFormation output variables and their visibility inside the function, and the Lambda Roles/Policies for VPC, but still nothing... Nor have I found any guide on how to create VPCs and Security Groups with CloudFormation and Serverless in order to create public and private subnets, NATs and Internet gateways as suggested here. Can anyone help?

Monophysite answered 4/10, 2016 at 14:17 Comment(0)

You will have to place the Lambda function inside the VPC that the ElastiCache cluster resides in. Of course, once you do that the Lambda function only has access to resources that exist inside the VPC, so it will no longer have access to DynamoDB. The solution to that is to add a NAT gateway to the VPC, which will allow the Lambda function to access resources outside the VPC.

I would think that setting up the VPC and NAT gateway would fall outside the Serverless framework, but I'm not an expert in that framework. I would suggest looking into configuring that manually via the AWS console or doing it through something like CloudFormation, and then simply specifying in your Serverless framework configuration the VPC that it needs to use.

Ryon answered 4/10, 2016 at 15:18 Comment(1)
Thanks for the reply. I already know how to do things manually, but I found that Gist for Serverless and it seemed a good thing to use; I want to get this working with the Serverless framework and CloudFormation. – Monophysite

While it's not properly documented, you can actually configure the VPC directly in the Serverless config file (see link).

Version 0.5

# s-function.json

{
  "name": "hello",
  "runtime": "nodejs4.3",
  "handler": "handler.hello",
  "endpoints": [],
  "events": [],
  "vpc": {
    "securityGroupIds": ["sg-123456"],
    "subnetIds": [
      "subnet-abc1",
      "subnet-abc2",
      "subnet-abc3"
    ]
  }
}

Version 1.0

# serverless.yaml

service: aws-hello
provider:
  name: aws
  runtime: nodejs4.3
  vpc:
    securityGroupIds:
      - "sg-123456"
    subnetIds:
      - "subnet-abc1"
      - "subnet-abc2"
      - "subnet-abc3"
functions:
  foo:                           # inherits the provider-level VPC config
    handler: src/handler.foo
  bar:                           # overrides the provider-level VPC config
    handler: src/handler.bar
    vpc:
      securityGroupIds:
        - "sg-999999"
      subnetIds:
        - "subnet-zzz9"
Licensee answered 26/1, 2017 at 0:40 Comment(0)

Adding a summary of how I set this up:

  • create a new VPC
  • create 3 private subnets and 2 public subnets
    • multiple subnets are created for redundancy
  • create a security group
    • with inbound traffic to the ElastiCache port
    • with outbound traffic to all ports for internet access
  • create a new IGW
    • attach this IGW to the VPC
  • create a new NAT gateway
    • select a public subnet
    • public connectivity type
  • we need 2 route tables
    • 1 for the private subnets: this will have the NAT and the private subnets
    • another for the public subnets with internet access: this will have the IGW and the public subnets
  • Lambda configuration
    • attach the IAM policy AWSLambdaVPCAccessExecutionRole to the Lambda functions
    • attach the private subnets to the Lambda
    • select the security group for the Lambda

references:

https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/

https://docs.aws.amazon.com/lambda/latest/dg/services-elasticache-tutorial.html

Tass answered 8/6, 2022 at 11:7 Comment(0)
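The two answers above describe the same build in two halves: Licensee's shows where the VPC settings go in the Serverless config, and Tass's lists the network pieces (VPC, public and private subnets, IGW, NAT gateway, two route tables, security group, the VPC execution policy) that have to exist before that config works. The single file below, an added example rather than code from either post or from the Serverless project, does both in one serverless.yml: the `resources:` section creates the network and the cache cluster with CloudFormation, and `provider.vpc` points at those resources with `Ref` instead of hard-coded `sg-`/`subnet-` IDs. Everything named in it is an assumption: the service and resource names, the 10.0.0.0/16 address plan with one public and two private /24s across two AZs, the cache.t3.micro node, the nodejs18.x runtime and Serverless Framework v3 syntax (`provider.iam.role.managedPolicies`).

```yaml
# serverless.yml: added example (Serverless Framework v3 syntax), not code from
# the posts above. Assumed, not from the page: all resource/service names, the
# 10.0.0.0/16 address plan, two AZs, a cache.t3.micro node, nodejs18.x runtime.
service: lambda-redis-vpc

provider:
  name: aws
  runtime: nodejs18.x
  iam:
    role:
      managedPolicies:   # ENI create/attach/delete rights a VPC-attached function needs
        - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
  vpc:                   # private subnets only; their default route is the NAT gateway
    securityGroupIds: [{ Ref: LambdaSG }]
    subnetIds: [{ Ref: PrivateSubnetA }, { Ref: PrivateSubnetB }]
  environment:           # endpoint resolved by CloudFormation, not hard-coded
    REDIS_HOST: { "Fn::GetAtt": [Redis, RedisEndpoint.Address] }
    REDIS_PORT: { "Fn::GetAtt": [Redis, RedisEndpoint.Port] }

functions:
  hello:
    handler: handler.hello   # inherits provider.vpc
    timeout: 10

resources:
  Resources:
    Vpc:
      Type: AWS::EC2::VPC
      Properties: { CidrBlock: 10.0.0.0/16, EnableDnsSupport: true, EnableDnsHostnames: true }
    Igw:
      Type: AWS::EC2::InternetGateway
    IgwAttach:
      Type: AWS::EC2::VPCGatewayAttachment
      Properties: { VpcId: { Ref: Vpc }, InternetGatewayId: { Ref: Igw } }
    PublicSubnet:          # hosts only the NAT gateway
      Type: AWS::EC2::Subnet
      Properties: { VpcId: { Ref: Vpc }, CidrBlock: 10.0.0.0/24, AvailabilityZone: { "Fn::Select": [0, { "Fn::GetAZs": "" }] } }
    PrivateSubnetA:
      Type: AWS::EC2::Subnet
      Properties: { VpcId: { Ref: Vpc }, CidrBlock: 10.0.1.0/24, AvailabilityZone: { "Fn::Select": [0, { "Fn::GetAZs": "" }] } }
    PrivateSubnetB:
      Type: AWS::EC2::Subnet
      Properties: { VpcId: { Ref: Vpc }, CidrBlock: 10.0.2.0/24, AvailabilityZone: { "Fn::Select": [1, { "Fn::GetAZs": "" }] } }
    NatEip:
      Type: AWS::EC2::EIP
      DependsOn: IgwAttach
      Properties: { Domain: vpc }
    Nat:
      Type: AWS::EC2::NatGateway
      Properties: { AllocationId: { "Fn::GetAtt": [NatEip, AllocationId] }, SubnetId: { Ref: PublicSubnet } }
    PublicRt:
      Type: AWS::EC2::RouteTable
      Properties: { VpcId: { Ref: Vpc } }
    PublicDefaultRoute:    # public subnet -> IGW
      Type: AWS::EC2::Route
      DependsOn: IgwAttach
      Properties: { RouteTableId: { Ref: PublicRt }, DestinationCidrBlock: 0.0.0.0/0, GatewayId: { Ref: Igw } }
    PublicAssoc:
      Type: AWS::EC2::SubnetRouteTableAssociation
      Properties: { SubnetId: { Ref: PublicSubnet }, RouteTableId: { Ref: PublicRt } }
    PrivateRt:
      Type: AWS::EC2::RouteTable
      Properties: { VpcId: { Ref: Vpc } }
    PrivateDefaultRoute:   # private subnets -> NAT; this is what restores access to DynamoDB's public endpoint
      Type: AWS::EC2::Route
      Properties: { RouteTableId: { Ref: PrivateRt }, DestinationCidrBlock: 0.0.0.0/0, NatGatewayId: { Ref: Nat } }
    PrivateAssocA:
      Type: AWS::EC2::SubnetRouteTableAssociation
      Properties: { SubnetId: { Ref: PrivateSubnetA }, RouteTableId: { Ref: PrivateRt } }
    PrivateAssocB:
      Type: AWS::EC2::SubnetRouteTableAssociation
      Properties: { SubnetId: { Ref: PrivateSubnetB }, RouteTableId: { Ref: PrivateRt } }
    LambdaSG:              # egress left at the EC2 default (allow all); see the note below
      Type: AWS::EC2::SecurityGroup
      Properties: { GroupDescription: lambda functions, VpcId: { Ref: Vpc } }
    RedisSG:               # 6379 reachable only from members of LambdaSG, not from a CIDR range
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: elasticache redis
        VpcId: { Ref: Vpc }
        SecurityGroupIngress:
          - { IpProtocol: tcp, FromPort: 6379, ToPort: 6379, SourceSecurityGroupId: { Ref: LambdaSG } }
    RedisSubnets:
      Type: AWS::ElastiCache::SubnetGroup
      Properties:
        Description: private subnets for redis
        SubnetIds: [{ Ref: PrivateSubnetA }, { Ref: PrivateSubnetB }]
    Redis:
      Type: AWS::ElastiCache::CacheCluster
      Properties:
        Engine: redis
        CacheNodeType: cache.t3.micro
        NumCacheNodes: 1
        CacheSubnetGroupName: { Ref: RedisSubnets }
        VpcSecurityGroupIds: [{ Ref: RedisSG }]
```

Two points worth checking before `serverless deploy`. First, the function must sit only in the private subnets: a Lambda placed in the public subnet has no public IP, so its default route to the IGW goes nowhere and every call to Redis or DynamoDB simply times out, which is the symptom in the question. Second, the security group boundary is drawn on group membership rather than on an address range: RedisSG admits port 6379 only from instances in LambdaSG, so nothing else that later lands in 10.0.0.0/16 can reach the cache. LambdaSG keeps the EC2 default of unrestricted egress here for brevity; if you tighten it, it still needs tcp/6379 to RedisSG and tcp/443 out through the NAT for DynamoDB. Since 2017 a DynamoDB gateway VPC endpoint is an alternative to routing that DynamoDB traffic over the NAT gateway; it did not exist when the question was asked, which is why both answers reach for the NAT.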
