Tags: aws-lambda, amazon-cognito, amazon-vpc, amazon-elasticache

How to access Cognito functions and Elasticache from the same AWS lambda function?


I am trying to write an AWS Lambda function which gets a user from AWS Cognito using AWS.CognitoIdentityServiceProvider.adminGetUser and then stores some data into AWS ElastiCache (Redis). The parts work fine separately, but not together, as it seems that when I enable VPC for Lambda (to be able to access ElastiCache), I lose access to Cognito (Lambda times out).

Is there a way to access both services from a single Lambda function, or is my approach totally wrong?


Solution

  • Yes, you can for sure. You need to create a NAT Gateway or NAT instance in a public subnet of your VPC, then add a rule to the route table that enables NAT from the Lambda's security group. I don't think there are public Cognito IP addresses, therefore your security group outbound rule CIDR would be 0.0.0.0/0.

    More details are available on official docs here and also there are tons of tutorials online, because it's a common problem. Good luck!

    P.S. Don't forget to add permissions for adminGetUser action to lambda's IAM role.
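An added example, not code from the question or the answer, of a Node.js handler that performs both steps (Cognito lookup, then Redis write) with a fail-fast timeout so a missing NAT route or egress rule surfaces as a clear error instead of a silent Lambda timeout; the SDK v2 / ioredis-style client interfaces, the user pool id and the in-memory fake clients are assumptions constructed so it runs offline.

```javascript
// Reject if `promise` does not settle within `ms`; `label` names the slow dependency.
// In a VPC-attached Lambda a hang here usually means no NAT route / no outbound rule.
function withTimeout(promise, ms, label) {
  let timer;
  const deadline = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error(
      `${label} timed out after ${ms} ms (VPC Lambda needs a NAT route and an ` +
      `outbound security-group rule to reach Cognito)`)), ms);
  });
  return Promise.race([promise, deadline]).finally(() => clearTimeout(timer));
}

// adminGetUser returns UserAttributes as [{Name, Value}]; flatten to a plain object.
function flattenAttributes(attrs) {
  return Object.fromEntries((attrs || []).map(a => [a.Name, a.Value]));
}

// Look the user up in Cognito (the role needs cognito-idp:AdminGetUser) and cache
// only the fields we need in Redis with a TTL. `cognito` is assumed to look like
// AWS.CognitoIdentityServiceProvider (SDK v2, .promise()), `redis` like an ioredis client.
async function getUserAndCache(cognito, redis,
    { userPoolId, username, ttlSeconds = 300, timeoutMs = 3000 }) {
  const resp = await withTimeout(
    cognito.adminGetUser({ UserPoolId: userPoolId, Username: username }).promise(),
    timeoutMs, 'Cognito adminGetUser');
  const attrs = flattenAttributes(resp.UserAttributes);
  const record = { sub: attrs.sub, email: attrs.email,
                   status: resp.UserStatus, enabled: resp.Enabled };
  await withTimeout(redis.set(`user:${record.sub}`, JSON.stringify(record), 'EX', ttlSeconds),
                    timeoutMs, 'Redis set');
  return record;
}

// Constructed fakes (not real AWS clients) so the example runs offline; `delayMs`
// simulates a Cognito call that hangs because the VPC has no route to the service.
function fakeClients(delayMs = 0) {
  const store = new Map();
  const cognito = { adminGetUser: () => ({ promise: () => new Promise(resolve =>
    setTimeout(() => resolve({
      Username: 'alice', UserStatus: 'CONFIRMED', Enabled: true,
      UserAttributes: [{ Name: 'sub', Value: '1111-2222' },
                       { Name: 'email', Value: 'alice@example.com' }] }), delayMs)) }) };
  const redis = { set: async (k, v) => { store.set(k, v); return 'OK'; },
                  get: async k => store.get(k) };
  return { cognito, redis, store };
}
```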