I am interested in your VPC setup, along with the security groups on the endpoints you believe are for Lambda.
How your route tables look. Your endpoint settings. The security groups assigned to the endpoints and their settings.
In order to invoke the second function your parent function must have access to the Lambda public API endpoint. If your parent function is in a VPC, you must create a VPC endpoint for the Lambda service or create a NAT Gateway.
The fact that both functions are attached to the same VPC does not matter, as the only way to invoke a Lambda function is using the Lambda Invoke API, which is exposed as a public endpoint.
Having said all that, note that it is usually not a best practice to invoke a function from a function, specifically if you are invoking the second function synchronously. The reason is that while the second function is running, the parent function is waiting idle for the response, and you pay for that time.
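As an added example (not part of either answer and not AWS code), the checks asked for above can be run offline against dictionaries shaped like the EC2 `DescribeVpcEndpoints` and `DescribeSecurityGroups` responses. The function names and all IDs are constructed; only security-group-referenced rules are evaluated, not CIDR rules or the endpoint policy.

```python
# Added example. Inputs mirror the shape of EC2 DescribeVpcEndpoints and
# DescribeSecurityGroups responses; every ID below is constructed.
def allows_https_from(sg, source_sg_id):
    """True if sg has an inbound rule admitting TCP 443 from source_sg_id."""
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                      # "all traffic": no port range
            port_ok = True
        elif proto == "tcp":
            port_ok = perm.get("FromPort", 0) <= 443 <= perm.get("ToPort", 65535)
        else:
            continue
        pairs = perm.get("UserIdGroupPairs", [])
        if port_ok and any(p.get("GroupId") == source_sg_id for p in pairs):
            return True
    return False

def lambda_endpoint_findings(region, function_sg_id, endpoints, sgs):
    """List reasons a VPC-attached function cannot reach the Lambda API privately."""
    service = f"com.amazonaws.{region}.lambda"
    matches = [e for e in endpoints if e.get("ServiceName") == service]
    if not matches:
        return [f"no VPC endpoint for {service}; a NAT gateway would be needed instead"]
    findings = []
    for ep in matches:
        eid = ep["VpcEndpointId"]
        if ep.get("VpcEndpointType") != "Interface":
            findings.append(f"{eid}: not an interface endpoint")
        if ep.get("State", "").lower() != "available":
            findings.append(f"{eid}: state is {ep.get('State')!r}")
        if not ep.get("PrivateDnsEnabled"):
            findings.append(f"{eid}: private DNS is off, so the regional Lambda "
                            "hostname does not resolve to the endpoint")
        groups = [sgs.get(g["GroupId"], {}) for g in ep.get("Groups", [])]
        if not any(allows_https_from(g, function_sg_id) for g in groups):
            findings.append(f"{eid}: no attached security group admits TCP 443 "
                            f"from {function_sg_id}")
    return findings

# Constructed case: shared, self-referencing group that only opens port 5432.
SGS = {"sg-0aaa": {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432,
       "ToPort": 5432, "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]}]}}
ENDPOINTS = [{"VpcEndpointId": "vpce-0111", "VpcEndpointType": "Interface",
              "ServiceName": "com.amazonaws.us-east-1.lambda", "State": "available",
              "PrivateDnsEnabled": True, "Groups": [{"GroupId": "sg-0aaa"}]}]

if __name__ == "__main__":
    for line in lambda_endpoint_findings("us-east-1", "sg-0aaa", ENDPOINTS, SGS):
        print(line)
```

An empty result means the network path to the endpoint looks correct, which leaves the IAM permissions and the endpoint policy as the remaining things to review.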
Hi Gary,
Both lambdas are connected to the same VPC, subnets, and security group. And the security group was explicitly given permission to call itself. As for the permissions, though the execution roles are different, both are given the permission to call InvokeFunction. The VPC is also connected to endpoints that can access both subnets and the security group is the same as the security group attached for the two lambdas. The policy attached to the endpoint also allows for InvokeFunction to be called.