[SOLVED] Troubleshooting Lambda to RDS connection with VPC peering

Troubleshooting Lambda to RDS connection with VPC peering

My AWS Lambda function times out when it ties to connect to an RDS instance in another VPC. The VPCs are peered.

Things I have checked:

Lambda is inside the correct VPC
RDS is inside the other VPC
RDS exists in subnets that are peered
VPC Peering is "accepted"
Lambda security group has ingress permission on correct port (5432) to RDS security group
Lambda security group has egress permission to anywhere on any port
Route table entries exists from Lambda VPC subnets to peering
Route table entries exist from RDS VPC subnets to peering

What else can I check / leverage to fix this connectivity issue?

Update

DNS hostnames and DNS resolution are enabled for both VPCs

Update

I tried the following:

Create EC2 instance on same subnet as Lambda
Assign lambda SG to the EC2
SSH connect to EC2
telnet to RDS:

telnet rds.xxxxxxxxxx.eu-west-2.rds.amazonaws.com 5432
Trying 10.11.65.225...
Connected to rds.xxxxxxxxxx.eu-west-2.rds.amazonaws.com.
Escape character is '^]'.
^CConnection closed by foreign host.

So the EC2 can connect. Therefore the issue must be with the lambda.

What can I try next?

Solution

The issue in my case (maybe yours too?) was that the query was timing out, not the connection attempt. You can test this by changing the query to SELECT 1 AS x or similar. The solution is to optimize the query so that it can run in reasonable time.

The trick of launching an EC2 with similar settings to the Lambda and connecting via SSH is a good one.