Note
I will denote by executor the lambda
that executes the second lambda
.
Why Timeout?
Since the executor is “locked” behind a VPC
– all internet communications are blocked.
That results in any http(s)
calls to be timed out as they request packet never gets to the destination.
That is why all actions done by aws-sdk
result in a timeout.
Simple Solution
If the executor does not have to be in a VPC
– just put it out of it, a lambda
can work as well without a VPC
.
Locating the lambda
in a VPC
is required when the lambda
calls resources inside the VPC
.
Real Solution
From the above said, it follows that any resource located inside a VPC
cannot access the internet – that is not correct – just few configurations need to be made.
- Create a
VPC
. - Create 2 Subnets, let one be denoted as private and the second public (these terms are explained ahead, keep reading).
- Create an Internet Gateway – this is a virtual router that connects a
VPC
to the internet. - Create a NAT Gateway – pick the public subnet and create a new
elastic IP
for it (this IP is local to yourVPC
) – this component will pipe communications to theinternet-gateway
. -
Create 2 Routing Tables – one named public and the second private.
- In the public routing table, go to Routes and add a new route:
Destination: 0.0.0.0/0
Target: the ID of the
internet-gateway
- In the private routing table, go to Routes and add a new route:
Destination: 0.0.0.0/0
Target: the ID of the
nat-gateway
-
A private subnet is a subnet that in its routing table – there is no route to an
internet-gateway
. -
A public subnet is a subnet that in its routing table – there exists a route to an
internet-gateway
What we had here?
We created something like this:
This, what allows resources in private subnets to call out the internet.
You can find more documentation here.