Athena Federated Query - Timing out on connect

1

Hello - I am accessing tables in an RDS Aurora Postgres by using an Athena Federated Query. The Lambda can access the postgres because it is reading the tables into the catalog in Athena, but when I try to query the data I get a timeout error.

GENERIC_USER_ERROR: Encountered an exception[com.amazonaws.SdkClientException] from your LambdaFunction[arn:aws:lambda:MyRegion:MyAccount:function:MyFunction] executed in context[retrieving meta-data] with message[Unable to execute HTTP request: Connect to s3.amazonaws.com:443 [s3.amazonaws.com/54.231.192.16] failed: connect timed out]

This seems to be related to the s3 permissions, but I can't suss out where the mismatch is. Do I need a bucket policy? As a principal, I have access to all the s3 resources needed, permissions on Athena, and Lambda also. The Lambda seems to have the correct s3 permissions (read/write for the bucket and all objects in the bucket). Any insight would be helpful!

Thanks!

Asked 2 years ago, 1179 views
2 Answers
2
Accepted Answer

It seems Lambda currently has no internet access. This is most likely because of your VPC configuration. You can check or set up an S3 VPC endpoint and try again.

AWS
Answered 2 years ago
  • I set up an S3 VPC endpoint and did not get any change in the error. I used com.amazonaws.s3-global.accesspoint. Are there specifics with the endpoint configuration I should look at?

  • Figured it out - You need to select the region-specific service gateway. The Endpoint I mentioned above is an interface.

    After I started a new VPC Endpoint with com.amazonaws.us-east-1.s3 and associated it to my security group, a new line in my sg appeared: pl-********. Then I could properly query from Athena.

    Thanks for the push in the right direction!

0

Root Cause: The VPC has no internet connection, so Lambda can't access S3.

Solution: Add a VPC Gateway Endpoint in the Lambda-associated VPC.

Answered 1 year ago
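
A check for the fix described in the answers above, as an added example that is not part of the original posts: given output in the shape of `aws ec2 describe-vpc-endpoints`, it reports which of the Lambda's subnets have a route to a regional S3 gateway endpoint. The endpoint IDs, VPC ID, subnet and route table names are constructed sample values, and the subnet-to-route-table map is an assumed input.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-vpc-endpoints` output:
# the interface endpoint tried first, then the gateway endpoint that worked.
SAMPLE = json.loads("""
{"VpcEndpoints": [
  {"VpcEndpointId": "vpce-0aaaaaaaaaaaaaaa1", "VpcEndpointType": "Interface",
   "VpcId": "vpc-0example", "ServiceName": "com.amazonaws.s3-global.accesspoint",
   "State": "available", "RouteTableIds": []},
  {"VpcEndpointId": "vpce-0bbbbbbbbbbbbbbb2", "VpcEndpointType": "Gateway",
   "VpcId": "vpc-0example", "ServiceName": "com.amazonaws.us-east-1.s3",
   "State": "available", "RouteTableIds": ["rtb-0private"]}
]}
""")

def s3_gateway_coverage(endpoints, vpc_id, region, subnet_route_tables):
    """Return {subnet_id: endpoint_id or None} for the Lambda's subnets.

    subnet_route_tables maps each Lambda subnet to the route table it uses
    (assumed input; collect it from `aws ec2 describe-route-tables`).
    """
    wanted = f"com.amazonaws.{region}.s3"  # region-specific service name
    by_route_table = {}
    for ep in endpoints.get("VpcEndpoints", []):
        if (ep.get("VpcId") == vpc_id
                and ep.get("VpcEndpointType") == "Gateway"
                and ep.get("ServiceName") == wanted
                and ep.get("State", "").lower() == "available"):
            # A gateway endpoint only serves route tables it is attached to.
            for rtb in ep.get("RouteTableIds", []):
                by_route_table.setdefault(rtb, ep["VpcEndpointId"])
    return {subnet: by_route_table.get(rtb)
            for subnet, rtb in subnet_route_tables.items()}

def uncovered_subnets(coverage):
    """Subnets whose route table has no S3 gateway endpoint attached."""
    return sorted(s for s, ep in coverage.items() if ep is None)

if __name__ == "__main__":
    cov = s3_gateway_coverage(SAMPLE, "vpc-0example", "us-east-1",
                              {"subnet-a": "rtb-0private",
                               "subnet-b": "rtb-0other"})
    for subnet, ep in cov.items():
        print(subnet, "->", ep or "no S3 gateway endpoint on its route table")
```

A subnet reported as uncovered reaches S3 only if it has some other path out of the VPC, which is the condition the connect timeout in the question points to.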
