无法从 lambda Nodejs 连接到 EC2 Postgres DB

Question

I cannot connect to EC2 Postgres DB from my lambda function

I have create a lambda function after S3 createAll event, In this lambda function, I need to update data in my DB. What I have done is I tested the DB connection at local. It works fine. However, after I published to lambda, every console.log inside client.connect function will not be triggered. I thought it would be permisson of my lambda role, So i gave administratorfullacess to this role. Also, in EC2 rule, I make incoming traffic open to all. and outgoing to all as well. 1. EC2 is ubuntu, Postgres as DB 2. Nodejs for Lambda function

const { Client } = require('pg');
exports.handler = async (event,context,callback) => {
context.callbackWaitsForEmptyEventLoop = true;
var client = new Client({
    host:'example.com',
    port:5432,
    user:'postgres',
    password:'examplepassword',
    database:'db'
});
console.log('start connecting db : log client');
client.connect().then(() => {
    console.log('DB is connected');
    const text1 = 'SELECT * FROM unime.lecture_content';
    const text = 'INSERT INTO uni.institute_type(name) VALUES($1) 
RETURNING *';
    const values = ['Test Data 2'];
    callback('DB Connected')
}).catch(e => {console.error('connection error', e.stack)
  callback('DB failure',e.stack)
 })
 };

My Package.json

  {
 "name": "node_postgres",
 "version": "1.0.0",
 "description": "node postgres api",
 "main": "index.js",
 "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1",
    "deploy": " — zip-file fileb://Lambda-Deployment.zip",
    "predeploy": "zip -r Lambda-Deployment.zip * -x *.zip *.log"
 },
 "keywords": [
    "postgres"
 ],
 "author": "JUNXILI",
 "license": "ISC",
 "dependencies": {
     "pg": "^7.0.3"
 }
}

I want to show all the log within client.connect function. please help me thanks

Answer 1

Your issue might be your EC2 security group, since you find that you can connect from your local machine but not from Lambda functions. The security group uses an IP and port whitelist to determine whether to allow a connection. When an EC2 instance is first set up, its default security group often only allows simple traffic like HTTP/HTTPS. It doesn't open up a port (5432) for PostgreSQL. Additionally, these connections must be allowed from any IP since the IP of a Lambda function backing instance varies per invocation.

If this is the case, my solution would be:

• Change the EC2 instance's security group to allow PostgreSQL port (5432) connections from any IP.
• Ensure that your configuration for PostgreSQL on your EC2 instance only allows secure connections (those made with a password and preferably also certificates). It's going to be public, so it's imperative that it be secure.

You might also look into using VPCs to be more secure. See https://docs.aws.amazon.com/lambda/latest/dg/vpc.html

Note also if you go the VPC route:

AWS Lambda uses this information to set up elastic network interfaces (ENIs) that enable your function to connect securely to other resources within your private VPC.

Using ENIs may cause your Lambda to have a higher cold start time until AWS sorts out the issues with ENI provisioning time.