I am trying to connect to a RDS Instance from a Python runtime Lambda Function.
Both the RDS and the Lambda are in a different VPC. I have connected both VPC's using VPC Peering and have confirmed that the peering is successful using EC2 instances.
My VPC A is on the CIDR 172.31.0.0/16,
VPC B is on the CIDR 10.1.0.0/16.
The SG's are configured using CIDR's and so are the routes.
The Route Table has the entries as such
VPC A route table:
Destination 10.1.0.0/16
Target pcx-xxxxxxx
VPC B route table:
Destination 172.31.0.0/16
Target pcx-xxxxxxx
Destination 10.2.0.0/16
Target pcx-1234567
SG for VPC A
Inbound
Type - MYSQL/ Aurora
Protocol - TCP
Port - 3306
Source - 10.1.0.0/16
SG for VPC B
Outbound
Type - All traffic
Protocol - All
Port - All
Destination - 172.31.0.0/16
VPC B is also using VPC peering with a different VPC in a different region, to access a different service other than RDS.
Inside a Lambda I can access that service using boto3
When I try to connect to the RDS using pymysql, the pymysql.connect timeout. I tried to create a VPC endpoint interface for the RDS and use that as the endpoint that I connect to but that doesn't work either.
If I were to give internet access to the lambda then I can access the RDS instance but I don't want to use that solution.
I think the issue is that you have
Publicly Accessible = Yes.From Working with a DB instance in a VPC - Amazon Relational Database Service:
This means that the Lambda function (in VPC B) will resolve the RDS DNS name to a public IP address, which is not routable via the VPC Peering connection.
You can either set
Publicly acccessible = No(which is safer), or connect via the Internet, or somehow resolve the RDS DNS name to a private IP address use it for the connection. (Not sure how you would do this from VPC B.)