AWS Lambda + API Gateway + AWS Elasticsearch experiencing timeouts - amazon-web-services

I've recently gotten into AWS Serverless Architecture with .NET Core 1.0. In my application we use Elasticsearch on its own machine in order to maintain it. What I am trying to do is use AWS Elasticsearch Service from AWS API Gateway which is being proxied by AWS Lambda. (I believe I have typed this correctly)
Whenever my code accesses my Elasticsearch domain I receive a timeout error. As of right now, my Elasticsearch domain is left wide open so anyone can access the information. I would like to lock it down for only the API Gateway and Lambda function.
I've tried messing with the policies and roles to no success. Has anyone tried to do what I am trying to do? If so, how were they able to connect it? Or is there a better way?

The simple solution is to put all of your services out of the VPC they are in right now (I believe they are not in the same one, as your IO calls get timed out).
My answer here would give you a nice background on AWS Lambda with VPC and why external IO calls time out.
AWS lambda invoke not calling another lambda function - Node.js
note: the answer is not related to NodeJS.
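An added sketch (not from the original posts) of the lock-down the question asks for: it flags the "wide open" statement in a domain access policy and builds a replacement that admits only the Lambda's execution role. The account ID, domain name and role name are constructed placeholders.

```python
# Constructed sample: the "wide open" domain policy described in the question.
OPEN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "es:*",
        "Resource": "arn:aws:es:us-east-1:111122223333:domain/example-domain/*",
    }],
}

def is_anonymous(principal):
    """True when the Principal element matches any caller."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False

def open_statements(policy):
    """Return Allow statements usable by any caller with no Condition attached."""
    stmts = policy.get("Statement", [])
    if isinstance(stmts, dict):
        stmts = [stmts]
    return [s for s in stmts
            if s.get("Effect") == "Allow"
            and is_anonymous(s.get("Principal"))
            and not s.get("Condition")]

def restricted_policy(domain_arn, role_arn):
    """Policy that admits only HTTP calls signed by one IAM role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": role_arn},
            # Read and write only; add es:ESHttpDelete if the code deletes.
            "Action": ["es:ESHttpGet", "es:ESHttpPost", "es:ESHttpPut"],
            "Resource": f"{domain_arn}/*",
        }],
    }
```

With a role-based policy the Lambda must sign its Elasticsearch requests with Signature Version 4 (service name `es`); API Gateway needs no entry of its own because only the Lambda calls the domain.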

Related

What type of Lambda Function should be used to make a health check Lambda for API (API → OpenSearch)

I need to create a Lambda healthcheck function.
The Lambda will check connection between API and Opensearch.
REST API gateway should be inside an existing VPC that is already connected to AWS OpenSearch service.
What type of Lambda function should I use there?
I am completely new to all these services (with just some experience of some other services) and trying to figure out the direction I should start looking to.
Google is not being particularly helpful for me, maybe a specific thing I am looking for does not exist and such Lambda function should be custom made or something.
Thank you.

Restricting AWS Secret for Single AWS Lambda

Experts,
I am using AWS API Gateway as a proxy over AWS Lambda for my client calls. API Gateway has a timeout of 29000 milliseconds, which is becoming an issue because one of our Lambda calls requires around 2 minutes to complete.
Memory is not an issue - the operation is a bit time consuming.
One of the dirty but quickest ways to solve this issue is to call the Lambda directly from the client app, skipping the AWS API Gateway; however, I then have to hardcode the access key and secret in the client app.
As we are struggling with this issue on production, the quickest and dirty solution seems to be the way forward for now, to be replaced later on with WebSockets.
Still, to avoid a major security issue, I was thinking about whether we can restrict the access key and secret to only 1 Lambda function.

AWS Lambda calling API gateway getting 500 internal server error

I'm developing several AWS serverless applications using Lambda and API gateway.
At one point, I tried to execute an API request on one application (using requests python lib) from code running inside a Lambda function in another application. I get 500 server error. From the logs it appears that the Lambda function behind the API gateway is not starting at all. I don't find any logs that can tell me what happened.
Additional details:
The API gateway is protected by IAM auth.
The calling lambda has permission to "execute_api"
The request is signed according to Signature V4 - I followed the example here: https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html#sig-v4-examples-post .
The issue was that the calling lambda needed permission to execute the second lambda behind the API gateway. I don't know why that is. I also still don't know how I should have debugged this - where are the logs that should tell me what was the issue. Eventually it was a lucky guess on my side.
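An added example (not part of the original post) of the Signature Version 4 signing the poster refers to, written with the standard library so each step is visible. The host, path, key ID and secret used to exercise it are constructed placeholders, and `token` is for temporary credentials such as a Lambda execution role's.

```python
import hashlib
import hmac
from urllib.parse import quote

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def _enc(value):
    return quote(value, safe="-_.~")

def signing_key(secret, date, region, service):
    """Derive the per-day, per-region, per-service key; the secret is never sent."""
    key = ("AWS4" + secret).encode()
    for part in (date, region, service, "aws4_request"):
        key = _hmac(key, part)
    return key

def sign(method, host, path, params, body, amz_date, region,
         access_key, secret, token=None, service="execute-api"):
    """Return headers for a SigV4-signed request; `path` is the raw, unencoded path."""
    # Services other than S3 expect each path segment URI-encoded twice.
    uri = "/".join(_enc(_enc(seg)) for seg in path.split("/")) or "/"
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items())
    query = "&".join(f"{k}={v}" for k, v in pairs)
    headers = {"host": host, "x-amz-date": amz_date}
    if token:  # session token must be sent and signed with temporary credentials
        headers["x-amz-security-token"] = token
    names = sorted(headers)
    canonical_headers = "".join(f"{n}:{headers[n].strip()}\n" for n in names)
    signed_headers = ";".join(names)
    canonical_request = "\n".join([
        method.upper(), uri, query, canonical_headers, signed_headers,
        hashlib.sha256(body).hexdigest(),  # binds the body to the signature
    ])
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    key = signing_key(secret, amz_date[:8], region, service)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed_headers}, Signature={signature}"
    )
    return headers
```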

How to use ECS and Lambda microservices within the same API?

I am trying to setup a microservice architecture on AWS, each microservice is a REST API.
Some of the services are running on ECS using Fargate and some of the services are running as a set of lambdas.
I am trying to have each api route resolve to the correct service, whether it is an ECS or Lambda based service.
I can see how it would be possible using only ECS services (with Application Load Balancer and listeners) or using only Lambdas (with an API Gateway). But I just can't seem to figure out how to mix the two together.
I have been searching relentlessly all week and I cannot find any decent documentation or an example of how to implement something similar to this.
There appears to be a limit to the number of routes for ALB or API Gateway. If I have several lambda based services there will need to be a declared path for each Lambda function and they will use up the path limit very quickly.
Should there be an intermediary step between each service and the API Gateway? For instance, each Lambda service has its own API Gateway which 'groups' those functions together. Which would mean there will be a nested set of API Gateways that the parent API Gateway routes to. This doesn't feel correct though.
Any help in the right direction would be appreciated.
Thanks
Your AWS account's API Gateway REST and Websocket routes/resources limit can be increased with a request to AWS support.

How to deploy a SpringBoot microservice application(RESTful) as serverless to AWS Lambda?

I have developed a simple microservice, REST based, using Java 8 and Spring Boot 2.0. It has its own REST end points which I can call using Postman and I get the response very well. Now I have a doubt in understanding the design & architecture if I want to deploy the same application on AWS cloud. I want my application to behave as serverless so I want to deploy on AWS using its Lambda service.
Please assist to clear my following doubts :-
1) First, can I upload my whole application code to AWS Lambda in order to make it serverless?
2) If yes, then do I need to use AWS API Gateway (compulsorily) to invoke my Lambda function when the request passes through it?
3) If yes (point 2), then end points which are there in my original microservice code will become ineffective and will be overridden by new API Gateway end points?
My whole doubt is about end points, which end point will be used to invoke the Lambda functions?
Please assist to clarify my doubt. If there is any sample reference material then it will be really great.
Cheers
Spring Boot and AWS Lambda don't naturally go together IMO.
Lambda is pure code, it does not present itself as a HTTP Server, it is just triggered by one of the other AWS services (API Gateway, CloudWatch, S3, DynamoDB, Kinesis, SDK, etc.). The handler receives a JSON request from the calling service, and processes the request. Here is an example.
API Gateway does much of what Spring Boot provides for you. API Gateway is always online waiting for HTTP requests to come in, for which you only pay for incoming requests, you do not pay for idle (the definition of serverless IMO).
Once a request comes in, API Gateway wraps the request payload with some additional environmental data and sends it to your Lambda handler, which processes the request and returns some response to the client.
Saying that, if you don't want to restructure your service, there are a couple of options open to you:
Wrap into a Docker image and use an AWS Container Service, either using ECS or Elastic Beanstalk; neither of these is considered to be serverless.
I have not tried this, but according to AWS:
You can use the aws-serverless-java-container library to run a Spring Boot application in AWS Lambda. You can use the library within your Lambda handler to load your Spring Boot application and proxy events to it.
See links to Convert your SpringBoot project and Deploy it to AWS Lambda.
Hope this helps.
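An added illustration (not from the answer above) of the wrapping it describes: a handler that receives an API Gateway REST proxy event, routes on the gateway's method and resource the way controller mappings would, validates the input and returns the proxy response shape. It is in Python for brevity; the routes and order data are constructed.

```python
import base64
import json

ROUTES = {}

def route(method, resource):
    """Register a function for one API Gateway method + resource pair."""
    def register(fn):
        ROUTES[(method, resource)] = fn
        return fn
    return register

@route("GET", "/orders/{id}")
def get_order(event, body):
    order_id = (event.get("pathParameters") or {}).get("id", "")
    if not order_id.isdigit():
        return 400, {"error": "id must be numeric"}
    return 200, {"id": int(order_id), "status": "shipped"}  # constructed data

@route("POST", "/orders")
def create_order(event, body):
    if not isinstance(body, dict) or "item" not in body:
        return 400, {"error": "item is required"}
    return 201, {"item": body["item"]}

def respond(status, payload):
    """Build the response object API Gateway turns back into HTTP."""
    return {"statusCode": status,
            "headers": {"Content-Type": "application/json"},
            "body": json.dumps(payload)}

def handler(event, context):
    """Entry point: API Gateway proxy event in, proxy response out."""
    fn = ROUTES.get((event.get("httpMethod"), event.get("resource")))
    if fn is None:
        return respond(404, {"error": "no such route"})
    raw = event.get("body") or ""
    try:
        if event.get("isBase64Encoded"):
            raw = base64.b64decode(raw).decode("utf-8")
        body = json.loads(raw) if raw else None
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return respond(400, {"error": "body is not valid JSON"})
    return respond(*fn(event, body))
```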