2

My Lambda function is unable to download objects from within Lambda, I get the below exception.

My bucket name and key name are both correct. I tested them out by running the Lambda function from my local machine with a dummy main and the bucket/key it's attempting to download and it downloaded the object just fine.

The role the Lambda function is executing with has S3 Read-Only privileges.

I've tried increasing the socket timeout to 25 seconds, increased the max connections to 10 and still no luck.

Below is the top portion of the stacktrace (can't seem to copy/paste in a pretty format from AWS Cloudwatch). The only reference within my code stops at the

s3Client.getObject(bucket, key);

My s3Client object is created as follows:

private final AmazonS3Client s3Client = new AmazonS3Client();

Searches have come up with similar issues from years ago, which seemed to have something to do with a specific issue or incorrect authentication.

Any thoughts?

Below is the stacktrace:

com.amazonaws.http.AmazonHttpClient executeHelper INFO: Unable to execute HTTP request: Connect to <>:443 http://<>/54.231.112.64 failed: connect timed out

org.apache.http.conn.ConnectTimeoutException: Connect to <>:443 http://<>/54.231.112.64 failed: connect timed out at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:150) at

1 Answer

3

54.231.112.64 is a public IP address. Did you create the Lambda function inside a VPC? If yes, make sure it's in a subnet with internet access through a NAT. Read more here

Connection to S3 requires a gateway or NAT instances. If you need internal access you could try to set up VPC endpoints.

5 Comments

Yeah! I put it inside a VPC because I intend on giving it access to an EC2 instance...never thought for a minute that would restrict access to AWS resources though. If you don't mind, I will edit your answer to include the URL I just found on the subject. Also, would you mind taking a stab at my other question? stackoverflow.com/questions/38342418/…
Yep, access to S3 requires NAT or IGW; however, VPC has an 'Endpoint' feature that would allow internal access to S3.
With the second question, I dunno mate, I'm fortunate to use Python; it rarely uses more than ~25mb per request.
If my function only needs access to EC2 and S3, does it still need a NAT with internet access? It seems these instructions are for setting it up with external access. I just created a VPC endpoint, per aws.amazon.com/blogs/aws/new-vpc-endpoint-for-amazon-s3 and now my Lambda function does not even get executed...
If your Lambda needs access to EC2 and S3, I would put it in a private subnet with internet access through NAT. However, if you don't want to bother with setting up NAT, a VPC endpoint allows you to access S3 without going through the internet.
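
Added example, not part of the original thread or the posters' code: a check that classifies, per Lambda subnet, which of the paths discussed above (NAT default route or S3 gateway VPC endpoint) actually exists in the route tables. The input is constructed data shaped like `aws ec2 describe-route-tables` output; every ID, including the S3 prefix list ID `pl-0s3`, is a placeholder (the real prefix list ID for a region comes from `aws ec2 describe-prefix-lists`).

```python
# Constructed sample shaped like `aws ec2 describe-route-tables` output; all IDs are made up.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-nat", "Associations": [{"SubnetId": "subnet-nat"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0aaa"}]},
    {"RouteTableId": "rtb-vpce", "Associations": [{"SubnetId": "subnet-vpce"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationPrefixListId": "pl-0s3", "GatewayId": "vpce-0bbb"}]},
    {"RouteTableId": "rtb-igw", "Associations": [{"SubnetId": "subnet-igw"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0ccc"}]},
]

def table_for(subnet_id, tables):
    """Explicitly associated route table, else the VPC's main table."""
    main = None
    for t in tables:
        for a in t.get("Associations", []):
            if a.get("SubnetId") == subnet_id:
                return t
            if a.get("Main"):
                main = t
    return main

def s3_path(subnet_id, tables, s3_prefix_lists=("pl-0s3",)):
    """Classify how a Lambda ENI in this subnet can reach S3. 'igw-only' is
    still a dead end: Lambda ENIs get no public IP, so an IGW route alone fails."""
    table = table_for(subnet_id, tables)
    if table is None:
        return "unknown"
    default = None
    for r in table["Routes"]:
        if r.get("State", "active") != "active":
            continue                      # blackhole routes carry no traffic
        if (r.get("DestinationPrefixListId") in s3_prefix_lists
                and r.get("GatewayId", "").startswith("vpce-")):
            return "s3-gateway-endpoint"  # S3 traffic stays inside AWS
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            default = r
    if default is None:
        return "no-route"                 # the "connect timed out" case in the question
    if default.get("NatGatewayId") or default.get("InstanceId"):
        return "nat"                      # InstanceId is assumed to be a NAT instance
    return "igw-only" if default.get("GatewayId", "").startswith("igw-") else "unknown"

def audit(subnet_ids, tables):
    return {s: s3_path(s, tables) for s in subnet_ids}
```

Run `audit` over every subnet in the function's VPC configuration; any subnet that reports `no-route` or `igw-only` will reproduce the timeout whenever Lambda places an ENI there.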
