How do I troubleshoot timeout issues with a Lambda function in a VPC?
Last updated: 2020-02-27
My AWS Lambda function code works fine when I run it outside of an Amazon Virtual Private Cloud (Amazon VPC). However, when I configure my function to connect to a VPC, I get function timeout errors. How do I fix these?
In general, Lambda function timeout errors happen when your network is incorrectly configured. Follow the steps in How do I give internet access to my Lambda function in a VPC? to verify your Amazon VPC configuration. Be sure that the following Amazon VPC features are correctly configured:
- Route tables
- Security groups
- Network access control lists (ACLs)
Note: Security groups are stateful, so you need outbound rules only in security groups for Lambda. However, network ACLs are stateless, so you must have both inbound and outbound network ACL rules for Lambda.
- Domain Name System (DNS) hostnames and DNS resolution
Note: If you're using a custom DHCP options set and not the default AmazonProvidedDNS, confirm that your custom DNS server is working as expected.
Tip: If you're calling your Lambda function using an AWS SDK, see if the SDK throws any relevant errors to help you determine the cause. For troubleshooting, increase the Lambda function timeout setting to a greater value than the SDK's timeout. (For other libraries and connection types, the process is the same—find the optimal timeout and retry period, and confirm that calls are shorter than the function timeout.) For more information, see How do I troubleshoot retry and timeout issues when invoking a Lambda function using an AWS SDK?