How to connect your Lambda function securely to your private RDS instances in your VPC using security groups, and still have internet access

Step one: Preparations

Step two: Placement

Step three: Configuring our routes

Destination            Target local igw-<your_igw_id>
Destination            Target local nat-<your_nat_id>

Step four: Configuring our security groups

Direction  Protocol  Port  Source
Outbound   ALL       ALL   ALL

Direction  Protocol  Port  Source
Inbound    TCP       3306  sg-<lambda_sg>
Outbound   ALL       ALL   ALL
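
One way to check that a database security group matches the inbound rule above, with port 3306 reachable only from the Lambda security group. This is an added example, not code from the original article; the function name auditRdsIngress and the sample group IDs are hypothetical, and the input is assumed to use the field names of an EC2 DescribeSecurityGroups response.

```javascript
const MYSQL_PORT = 3306

// Returns a list of findings; an empty list means 3306 is reachable
// from the Lambda security group and from nothing else.
function auditRdsIngress (rdsSg, lambdaSgId) {
  const findings = []
  let lambdaAllowed = false
  for (const perm of rdsSg.IpPermissions || []) {
    // IpProtocol "-1" means all protocols and all ports.
    const allPorts = perm.IpProtocol === '-1'
    const coversMysql = allPorts ||
      (perm.IpProtocol === 'tcp' && perm.FromPort <= MYSQL_PORT && perm.ToPort >= MYSQL_PORT)
    if (!coversMysql) continue
    if (allPorts || perm.FromPort !== MYSQL_PORT || perm.ToPort !== MYSQL_PORT) {
      findings.push('rule covering 3306 is wider than a single port')
    }
    // Any CIDR source bypasses the security-group-to-security-group design.
    const cidrs = [
      ...(perm.IpRanges || []).map(r => r.CidrIp),
      ...(perm.Ipv6Ranges || []).map(r => r.CidrIpv6)
    ]
    for (const cidr of cidrs) findings.push(`3306 open to CIDR ${cidr}, expected a security group source`)
    for (const pair of perm.UserIdGroupPairs || []) {
      if (pair.GroupId === lambdaSgId) lambdaAllowed = true
      else findings.push(`3306 open to unexpected group ${pair.GroupId}`)
    }
  }
  if (!lambdaAllowed) findings.push(`no 3306 rule for ${lambdaSgId}; the function cannot connect`)
  return findings
}

// Constructed sample groups; the IDs are placeholders, not values from the page.
const LAMBDA_SG = 'sg-0lambda000000000'
const goodSg = {
  GroupId: 'sg-0rds00000000000',
  IpPermissions: [{ IpProtocol: 'tcp', FromPort: 3306, ToPort: 3306, IpRanges: [], UserIdGroupPairs: [{ GroupId: LAMBDA_SG }] }]
}
const looseSg = {
  GroupId: 'sg-0rds00000000001',
  IpPermissions: [{ IpProtocol: 'tcp', FromPort: 3306, ToPort: 3306, IpRanges: [{ CidrIp: '0.0.0.0/0' }], UserIdGroupPairs: [] }]
}

console.log(auditRdsIngress(goodSg, LAMBDA_SG))
console.log(auditRdsIngress(looseSg, LAMBDA_SG))
```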

Step five: Configuring our Lambda functions

Step six: Testing our configurations

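// Test 1: confirm the function can reach the RDS instance inside the VPC.
const mysql = require('mysql')
const connection = mysql.createConnection({
  host: process.env.RDS_HOST,
  user: process.env.RDS_USER,
  password: process.env.RDS_PASSWORD,
  database: process.env.RDS_NAME
})

connection.connect(err => {
  if (err) {
    console.error('error connecting: ' + err.stack)
    return
  }
  console.log('connected as id: ' + connection.threadId)
  connection.end(err => {
    if (err) console.error('error closing connection: ' + err.stack)
    else console.log('connection closed')
  })
})

// Test 2: read an object from S3 to confirm the function still has outbound access.
const AWS = require('aws-sdk')
const S3 = new AWS.S3()
exports.handler = async () => {
  try {
    const params = {
      Bucket: 'bucketname',
      Key: 'test.json'
    }
    const response = await S3.getObject(params).promise()
    console.log(response)
  } catch (err) {
    console.error(err)
  }
}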

Common issues, with common fixes

1. My function is timing out, but only in the VPC!

2. My function can’t connect to my RDS instance!

3. My function sometimes times out, but not all the time!

4. I can’t save my VPC settings in Lambda!




