I have written lambda function that retrieve s3 Url whenever any new object created on s3 bucket. after retrieve s3Url this lambda make request to my server over REST Call.

I observed cloud watcher. It failed to send request to my Server I don't want to use external packages in my lambda & i want to make it lightweight that's why i used nodeJ's https.

Here is my Lambda code

 exports.handler =  (event,context,callback) => {
  // Extract S3 Url and id From S3 object present in event
  const https = require('https');
  let {s3 , awsRegion} = event["Records"][0];
  let {object : {key}, bucket : {name}} = s3;
  let s3URL = `https://${name}.s3.${awsRegion}.amazonaws.com/${key}`;
  console.log("sURL",s3URL);
  let _id = key.split('/')[0];
  console.log("id",_id);
//Making http request to my server
  let body='';
  // the post options
  let optionsPost = {
     host: 'xyz.abc.com', 
    path: '/api/v1/apipath',
    method: 'POST',
    headers: {
    'Content-Type': 'application/json',
    'Authorization': 'XYZ',
    'id' : _id
  }
  };
  const keepAliveAgent = new https.Agent({ keepAlive: true });
  optionsPost.agent = keepAliveAgent;
  let reqPost =  https.request(optionsPost, function(res) {
      console.log("statusCode: ", res.statusCode);
      res.on('data', function (chunk) {
          body += chunk;
      });
      res.on('end', function () {
        console.log("Result", body.toString());
         context.succeed("Sucess")
      });
       res.on('error', function () {
        console.log("Result Error", body.toString());
        context.done(null, 'FAILURE');
        callback(new Error('failure')) // to return error
      });
  });
  reqPost.write(JSON.stringify({ s3Url: s3URL,userName: 'SYSTEM' }));
  reqPost.end();
};

And here is my cloud watcher Error

{ "errorType": "Error", "errorMessage": "connect ETIMEDOUT 34.255.225.41:443", "code": "ETIMEDOUT", "errno": "ETIMEDOUT", "syscall": "connect", "address": "34.255.225.41", "port": 443, "stack": [ "Error: connect ETIMEDOUT 34.255.225.41:443", " at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1107:14)" ] }

If you are attempting to access S3 (or any other AWS resource) through the AWS SDK or directly through any HTTP call from a Lambda then either one of the following scenarios must be true:

• Your Lambda is not set up to run in a VPC
• Your Lambda is set up to run in a VPC, and the VPC is set up with a NAT gateway or is set to use AWS PrivateLink.

In AWS, VPCs provide two network segments, a 'public' network and a 'private' network. All resources in the VPC can communicate with other resources in the VPC regardless of which segment they are on. Resources on the public segment of the VPC will route public-internet bound traffic through the Internet Gateway that is provided on most VPCs out-of-the-box. However, any containers/resources that are set up on a VPC's private segment are firewalled and do not have routing for public internet addresses without either installing a NAT or creating interface endpoints for the VPC.

Lambda functions that are configured to run inside a VPC create the container which runs the code inside the private segment of the VPC. Without either a NAT or interface endpoints, the Lambda can only access any resources within the VPC through their internal IP addresses/DNS names.

When using the AWS SDK without other qualifiers, the resources are generally accessed from their public-facing service domain name (such as from AWS S3), attempts to access them in a Lambda behind a VPC with no NAT gateway will result in your function receiving ETIMEDOUT errors. This generally occurs when using any of the AWS SDK within a Lambda for the same reasons.

If your function needs to be behind a VPC to access other resources, then you should either set up a NAT Gateway on your VPC or you should configure VPC Endpoints for your lambda function to use.

Otherwise, you should ensure that your Lambda is not set up to use the VPC as running it inside the VPC incurs additional cold-start times latency along with the network connectivity challenges.