AWS lambda invoke not calling another lambda function - Node.js
After giving all the rights to invoke function. My Lambda function is not able to invoke another function . Every time I am getting timeout having 30 seconds timeout issue. It looks like lambda is not able to get another lambda function
My lambdas are in same region, same policy, same security group .. Also VPC are same in both lambdas. The only thing is different now is lambda functions
Here are the role rights
1) created AWSLambdaExecute and AWSLambdaBasicExecutionRole
2) Created one lambda function which is to be called Lambda_TEST
exports.handler = function(event, context) {
console.log('Lambda TEST Received event:', JSON.stringify(event, null, 2));
context.succeed(event);
};
3) Here is a another function from where it is called .
var AWS = require('aws-sdk');
AWS.config.region = 'us-east-1';
var lambda = new AWS.Lambda();
exports.handler = function(event, context) {
var params = {
FunctionName: 'Lambda_TEST', // the lambda function we are going to invoke
InvocationType: 'RequestResponse',
LogType: 'Tail',
Payload: '{ "name" : "Arpit" }'
};
lambda.invoke(params, function(err, data) {
if (err) {
context.fail(err);
} else {
context.succeed('Lambda_TEST said '+ data.Payload);
}
})
};
Reference taken from : This link
Answer
Note
I will denote by executor the lambda that executes the second lambda.
Why Timeout?
Since the executor is "locked" behind a VPC - all internet communications are blocked.
That results in any http(s) calls to be timed out as they request packet never gets to the destination.
That is why all actions done by aws-sdk result in a timeout.
Simple Solution
If the executor does not have to be in a VPC - just put it out of it, a lambda can work as well without a VPC.
Locating the lambda in a VPC is required when the lambda calls resources inside the VPC.
Real Solution
From the above said, it follows that any resource located inside a VPC cannot access the internet - that is not correct - just few configurations need to be made.
- Create a
VPC. - Create 2 Subnets, let one be denoted as private and the second public (these terms are explained ahead, keep reading).
- Create an Internet Gateway - this is a virtual router that connects a
VPCto the internet. - Create a NAT Gateway - pick the public subnet and create a new
elastic IPfor it (this IP is local to yourVPC) - this component will pipe communications to theinternet-gateway. Create 2 Routing Tables - one named public and the second private.
- In the public routing table, go to Routes and add a new route:
Destination: 0.0.0.0/0
Target: the ID of the
internet-gateway- In the private routing table, go to Routes and add a new route:
Destination: 0.0.0.0/0
Target: the ID of the
nat-gatewayA private subnet is a subnet that in its routing table - there is no route to an
internet-gateway.A public subnet is a subnet that in its routing table - there exists a route to an
internet-gateway
What we had here?
We created something like this:
This, what allows resources in private subnets to call out the internet. You can find more documentation here.