Often our customers using AWS report to us that their AWS Lambda function receives connection timeout errors when it tries to access an Amazon Relational Database Service (Amazon RDS) DB instance.

Here at Bobcares, we handle requests from our customers to fix similar errors as a part of our Server Management Services. Today we will see how our Support Engineers do this for our customers.

How to troubleshoot Lambda RDS connection timed out

We will see the methods that our Support Techs follow to check both intermittent and consistent connection timeouts.

Troubleshoot intermittent and transient connection timeout errors

We must do the following as a basic thing when we receive intermittent and transient connection timeout errors.

1. Check for DNS errors

We must check and confirm whether there is any Domain Name System (DNS)-related errors.

If there are DNS errors, we must retry the DNS request using exponential backoff.

Before retrying the DNS request we must ensure that we are able to resolve the inbound and outbound endpoints.

Troubleshoot consistent connection timeout errors

We must do the following as a basic thing when we receive consistent connection timeout errors.

1. Check the Lambda function’s Amazon CloudWatch Logs

We must enable CloudWatch logging permissions to our Lambda function is not given already.

Then, review the function’s logs to identify specific connection timeout errors.

2. Check the VPC configuration

Private Databases:

We can do either of the following:

• Keep the Lambda function in the same Amazon Virtual Private Cloud (Amazon VPC) as the database.
• Create a VPC peering connection between the Amazon VPC that includes the function and the Amazon VPC that includes the database.

Public Databases:

•  Route public traffic through a network address translation (NAT) gateway or NAT instance for functions in an Amazon VPC.

3. Check the security group rules

Private Databases:

We can add an inbound rule to the DB security group that allows traffic from the CIDR range of the VPC’s subnets or security group.

Public Databases:

We can add an inbound rule to the DB security group that allows traffic from the NAT gateway or NAT instance of the VPC.

4. Update the Lambda function handler

We can try Updating the Lambda function code so that the function opens the database connection outside of the function handler and doesn’t close the connection.

5. Connect using an EC2 instance

First, try connecting to Amazon Elastic Compute Cloud (Amazon EC2) instance with the same Amazon VPC configuration as the lambda function. Then, try connecting to the Amazon RDS DB instance from the EC2 instance.

6. Use Amazon RDS Proxy

We can create an Amazon Relational Database Service (Amazon RDS) Proxy endpoint for the RDS database to handle the database traffic from the Lambda function.

[Need assistance? We can help you]

 Conclusion

In short, we saw how our Support Techs troubleshoot Lambda RDS connection timed out issues for our customers.