
Access an Azure Synapse database from an AWS Lambda

0

I have multiple accounts on AWS, and in each account I have a custom VPC connected through a Transit Gateway, and all of them talk to the Azure environment through a Site-to-Site VPN. I created an EC2 instance in each environment to test the routes by pinging the private IPs of Azure VMs, and it worked, so the routes are there and working fine. Now I'm trying to ping the Azure Synapse private IP but it doesn't work, even though I added the private IPs of the EC2 instances as client IPs in Azure Synapse.

The main idea is to connect to Azure Synapse from an AWS Lambda, but for now I'm trying to at least achieve it from an EC2 instance.

Questions:

Does anyone have a better understanding of Azure Synapse? In order for me to connect to Azure Synapse, do I need to use Private DNS Resolvers on AWS and Azure, or is having the Transit Gateway and Site-to-Site VPN configured enough, or maybe I need to use private endpoints in Azure?

Thank you

  • Are you trying to access the Azure resources from EC2 or Lambda?

4 Answers
3

I'd start by getting IP connectivity working, but then I would expect that you'll need to set up "Hybrid DNS". Keep in mind that the VPC+2 Route 53 resolver is not accessible off the subnet, so it will not be accessible from Azure. Please see my blog post How to achieve DNS high availability with Route 53 Resolver endpoints.

AWS
answered a month ago
EXPERT
reviewed a month ago
2

Hello, You don't mention attaching your Lambda function to a VPC in your AWS account.

The Lambda service uses a Network Function Virtualization platform to provide NAT capabilities from the Lambda VPC to customer VPCs. This configures the required elastic network interfaces (ENIs) at the point where Lambda functions are created or updated. It also enables ENIs from your account to be shared across multiple execution environments, which allows Lambda to make more efficient use of a limited network resource when functions scale. Here are the instructions for Attaching Lambda functions to an Amazon VPC in your AWS account.

Since ENIs are an exhaustible resource and there is a soft limit of 250 ENIs per Region, you should monitor elastic network interface usage if you are configuring Lambda functions for VPC access. Generally, if you increase concurrency limits in Lambda, you should evaluate if you need an elastic network interface increase. If the limit is reached, this causes invocations of VPC-enabled Lambda functions to be throttled.

Here is the AWS Lambda - Operator Guide - Networking and VPC configurations

AWS
answered a month ago
EXPERT
reviewed a month ago
  • Hello. Thank you for the heads up about attaching the Lambda function to a VPC. I have the "VpcConfig:" part included in my CloudFormation template. Also, I'm still trying to find out whether it's necessary to use a Private DNS resolver or not.
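The answer above warns that Lambda-managed ENIs count against the per-Region ENI quota and should be monitored once functions are VPC-attached. The following is an added example (not code from this thread or from AWS) of such a check: it classifies ENIs by the description prefix that Lambda-managed interfaces carry (assumed here to begin with "AWS Lambda VPC ENI"; confirm against your own account), counts them per subnet, and flags when total ENI usage approaches the 250 soft limit quoted in the answer. The sample ENI list is constructed to mirror the shape of `ec2.describe_network_interfaces()` output; `fetch_enis` is the live path for an account with boto3 credentials configured.

```python
"""Estimate Lambda VPC ENI usage against the per-Region ENI soft limit.

Added example, not code from the re:Post thread. Assumptions:
  * Lambda-managed ENIs have a Description starting with LAMBDA_ENI_PREFIX
    (verify in your account; the prefix below is an assumption).
  * The default quota is the 250 ENIs per Region mentioned in the answer;
    pass your raised quota explicitly if you have requested an increase.
"""
from collections import Counter

LAMBDA_ENI_PREFIX = "AWS Lambda VPC ENI"  # assumption: description prefix
DEFAULT_ENI_QUOTA = 250                    # soft limit quoted in the answer

# Constructed sample in the shape of describe_network_interfaces()
# "NetworkInterfaces" entries, trimmed to the fields this check reads.
SAMPLE_ENIS = [
    {"NetworkInterfaceId": "eni-0a1", "VpcId": "vpc-a", "SubnetId": "subnet-a1",
     "Status": "in-use", "Description": "AWS Lambda VPC ENI-synapse-sync-1111"},
    {"NetworkInterfaceId": "eni-0a2", "VpcId": "vpc-a", "SubnetId": "subnet-a1",
     "Status": "in-use", "Description": "AWS Lambda VPC ENI-synapse-sync-2222"},
    {"NetworkInterfaceId": "eni-0a3", "VpcId": "vpc-a", "SubnetId": "subnet-a2",
     "Status": "in-use", "Description": "AWS Lambda VPC ENI-synapse-sync-3333"},
    {"NetworkInterfaceId": "eni-0b1", "VpcId": "vpc-a", "SubnetId": "subnet-a1",
     "Status": "in-use", "Description": "Primary network interface"},  # EC2 test box
    {"NetworkInterfaceId": "eni-0c1", "VpcId": "vpc-a", "SubnetId": "subnet-a1",
     "Status": "in-use", "Description": "constructed: other service ENI"},
]


def is_lambda_eni(eni):
    """True when the ENI description marks it as Lambda-managed (assumption)."""
    return eni.get("Description", "").startswith(LAMBDA_ENI_PREFIX)


def lambda_eni_usage(enis, quota=DEFAULT_ENI_QUOTA, warn_ratio=0.8):
    """Summarise ENI consumption for a Region.

    The quota applies to all ENIs in the Region, so headroom and the warning
    are computed on the total; Lambda-managed ENIs are broken out per subnet
    because that is where VPC-attached functions will fail to scale first.
    """
    lambda_enis = [e for e in enis if is_lambda_eni(e)]
    per_subnet = Counter(e["SubnetId"] for e in lambda_enis)
    total = len(enis)
    return {
        "total_enis": total,
        "lambda_enis": len(lambda_enis),
        "per_subnet": dict(per_subnet),
        "headroom": quota - total,
        "warn": total >= warn_ratio * quota,
    }


def fetch_enis(region):
    """Live path: pull every ENI in the Region via boto3 (needs credentials)."""
    import boto3  # imported lazily so the offline sample runs without it
    ec2 = boto3.client("ec2", region_name=region)
    paginator = ec2.get_paginator("describe_network_interfaces")
    return [eni for page in paginator.paginate() for eni in page["NetworkInterfaces"]]


if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    summary = lambda_eni_usage(SAMPLE_ENIS)
    print(summary)
```

Run it as-is to see the summary for the constructed sample; swap `SAMPLE_ENIS` for `fetch_enis("us-east-1")` (or your Region) to report on a real account. If you have raised the quota through Service Quotas, pass that value as `quota` so the warning threshold matches.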

2

The article Understanding Azure Synapse Private Endpoints states: "When creating your workspace, you have the option to allow ALL IP address through." It seems like this is going to be needed in your environment.

Here are some how-to guides:

Note: The doc on Private Link Hubs states: "You must integrate the private endpoints with your DNS solution, either your on-premises solution or Azure Private DNS"

AWS
answered a month ago
EXPERT
reviewed a month ago
2
AWS
answered a month ago
EXPERT
reviewed a month ago
