Calling VPC Lattice Service Endpoint from Private Lambda timeout

Question

I’m learning about Amazon VPC Lattice by building a project using Terraform.
It is a simple project with one client which is a private lambda, one service network and one service based on a lambda target group.
I believe I have everything correctly setup but I can’t make a call to the VPC Lattice Service Endpoint from the private lambda client. No logs show up in the Service Network or Service level.
Instead, the Lambda logs the following error to the console

```
2024-01-24T09:26:16.096Z	039fc504-9a3e-49f9-866e-88e5b33efd53	ERROR	Error: connect ETIMEDOUT 169.254.171.65:443
    at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1555:16)
    at TCPConnectWrap.callbackTrampoline (node:internal/async_hooks:130:17) {
  errno: -110,
  code: 'ETIMEDOUT',
  syscall: 'connect',
  address: '169.254.171.65',
  port: 443
}
```

AUTH is None and Security Groups allow HTTPS on port 443.
DNS hostnames and DNS resolution is enabled for the Lambda’s VPC
Does anyone know what I could be missing here? I can provide more information

Accepted Answer

Finally solved it by adding an inbound rule to the Lambda's ENI security group allowing all traffic from all protocols & ports from 10.0.0.0/16

Answer

One way to troubleshoot this would be to put an EC2 instance on the same subnet that the Lambda function is connected to. That way you can test interactively what is happening. I suspect there is an issue with routing, NACLs or something else at the network layer but there's not enough information to say for sure.

Calling VPC Lattice Service Endpoint from Private Lambda timeout

Relevant content