I am attempting to make a lambda which will shut down an RDS instance on a schedule. I put my lambda in my VPC because I thought it would not need Internet access. However, I'm trying to use boto3 to access the instance, and I'm getting an error.
import boto3

# Module-level code runs once per cold start, before the handler is invoked
rds = boto3.client('rds')
dbs = rds.describe_db_instances()

def lambda_handler(event, context):
    try:
        # get all of the db instances
        for db in dbs['DBInstances']:
            # the % formatting must be applied to the string inside print()
            print("%s@%s:%s %s" % (
                db['MasterUsername'],
                db['Endpoint']['Address'],
                db['Endpoint']['Port'],
                db['DBInstanceStatus']))
    except Exception as e:
        print(e)
However, when boto3 tries to connect to RDS, I'm getting this error.
[ERROR] ConnectTimeoutError: Connect timeout on endpoint URL: "https://rds.us-east-2.amazonaws.com/"
This looks to me like boto3 is trying to call a URL on the internet. I can't tell if the lambda cannot get out of the VPC or what. Is there no way to just reach within AWS and get to the instance?
CodePudding user response:
You should not attach the AWS Lambda function to a VPC because it does not need to access any resources in the VPC.
The API calls being made to the Amazon RDS service are being sent to an endpoint on the Internet, not within the VPC. The Amazon RDS service will then turn the database on/off.
By not specifying a VPC for the Lambda function, it will have direct access to the Internet and the calls will succeed.
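A scheduled stop handler for the setup discussed in this thread, as an added example that is not code from the question or the answer. It assumes the function is not attached to a VPC; the AutoStop=true opt-in tag and the function names are hypothetical.

```python
# Added example, not the asker's code. OPT_IN_TAG is a hypothetical convention.
OPT_IN_TAG = ("AutoStop", "true")


def stop_tagged_instances(rds):
    """Stop every running, opted-in instance; return the identifiers stopped.

    `rds` is a boto3 RDS client, or any object offering the same two methods.
    IAM actions required: rds:DescribeDBInstances and rds:StopDBInstance.
    """
    stopped = []
    paginator = rds.get_paginator("describe_db_instances")
    for page in paginator.paginate():
        for db in page["DBInstances"]:
            tags = {(t["Key"], t["Value"]) for t in db.get("TagList", [])}
            if OPT_IN_TAG not in tags:
                continue  # never touch instances that did not opt in
            if db["DBInstanceStatus"] != "available":
                continue  # already stopped, stopping, or being modified
            if db.get("DBClusterIdentifier"):
                continue  # cluster members are stopped at the cluster level
            rds.stop_db_instance(DBInstanceIdentifier=db["DBInstanceIdentifier"])
            stopped.append(db["DBInstanceIdentifier"])
    return stopped


def lambda_handler(event, context):
    # Imported here so the helper above can be tested without boto3 installed.
    import boto3
    from botocore.config import Config

    # Short timeouts: if the function has no route to the regional RDS API
    # endpoint, the call fails within seconds instead of consuming the whole
    # Lambda timeout, which is how the ConnectTimeoutError above showed up.
    cfg = Config(connect_timeout=5, read_timeout=10,
                 retries={"max_attempts": 2, "mode": "standard"})
    rds = boto3.client("rds", config=cfg)
    return {"stopped": stop_tagged_instances(rds)}
```

Creating the client inside the handler, rather than at module level as in the question, keeps a connection failure inside the invocation where it is logged with the request ID.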