#datomic
2018-04-15
Gabriel 20:04:34

has anyone ever got datomic cloud to work with aws lambda on a vpc? I’m having issues similar to https://forum.datomic.com/t/datomic-cloud-with-aws-lambda/342: my lambda can’t reach the datomic instance on the right port (as in trying to talk to the right ip in the right port just times out). If I launch another instance in that VPC, the instance can talk to datomic, so it seems the problem is with the lambda configuration. vpc/subnets/security groups are all correct tho

Gabriel 20:04:09

oh, I see @cjsauer ’s similar issues above. I can rule out jvm start times etc. as I’ve resorted to running commands on the host directly through https://github.com/iopipe/lambda-shell. also it isn’t anything with dns resolution because I’m trying to talk to the right ip directly. calvin — I doubt this is IAM related because the port isn’t even accessible. it’s almost as if the lambda can’t reach the vpc at all

cjsauer 20:04:31

@lewis I was able to get this working after reading the following from the AWS docs:

> When you add VPC configuration to a Lambda function, it can only access resources in that VPC. If a Lambda function needs to access both VPC resources and the public Internet, the VPC needs to have a Network Address Translation (NAT) instance inside the VPC.

Source for that is here: https://docs.aws.amazon.com/lambda/latest/dg/vpc.html

Datomic apps access both VPC resources and apparently the public internet in order to access S3, so you can't put them in the existing public subnets. What you have to do is create a few private subnets in the Datomic VPC, and configure them with a NAT Gateway for internet access as the docs say. These are then what the Lambda function goes in.

Gabriel 20:04:34

ooh gonna try that later! thanks for your help!

cjsauer 20:04:49

@lewis no problem. Here are the docs for setting up those private subnets btw: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html

cjsauer 20:04:50

Wondering if maybe the above information would be a helpful addition to the docs? I imagine this is a common tripping point for new Lambda+Datomic users.