Aws-lambda-dotnet: Can not connect to MongoDB Atlas

Created on 16 Mar 2018 · 24 Comments · Source: aws/aws-lambda-dotnet

I wrote a simple AWS Serverless ASP.NET Core 2.0 Web API.
It connects to a MongoDB Atlas database, but it is not working; it is giving a timeout.
I tested locally and it works. I published to Azure and it works.

I suspect this is being caused by the AWS CloudFormation firewall.

When I publish to AWS Serverless, it gives this error:

502 Bad Gateway

{
"message": "Internal server error"
}

I checked the logs:

Unhandled Exception: System.TimeoutException: A timeout occured after 30000ms selecting a server using CompositeServerSelector{ Selectors = MongoDB.Driver.MongoClient+AreSessionsSupportedServerSelector, LatencyLimitingServerSelector{ AllowedLatencyRange = 00:00:00.0150000 } }. Client view of cluster state is { ClusterId : "1", ConnectionMode : "ReplicaSet", Type : "ReplicaSet", State : "Disconnected", Servers : [{ ServerId: "{ ClusterId : 1, EndPoint : "Unspecified/cluster0-shard-00-00-3lmjx.mongodb.net:27017" }", EndPoint: "Unspecified/cluster0-shard-00-00-3lmjq.mongodb.net:27017", State: "Disconnected", Type: "Unknown" }, { ServerId: "{ ClusterId : 1, EndPoint : "Unspecified/cluster0-shard-00-01-3lmjx.mongodb.net:27017" }", EndPoint: "Unspecified/cluster0-shard-00-01-3lmjx.mongodb.net:27017", State: "Disconnected", Type: "Unknown" }, { ServerId: "{ ClusterId : 1, EndPoint : "Unspecified/cluster0-shard-00-02-3lmjq.mongodb.net:27017" }", EndPoint: "Unspecified/cluster0-shard-00-02-3lmjq.mongodb.net:27017", State: "Disconnected", Type: "Unknown" }] }.

How do I debug and solve this?

My serverless.template:

{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Transform" : "AWS::Serverless-2016-10-31",
  "Description" : "An AWS Serverless Application that uses the ASP.NET Core framework running in Amazon Lambda.",

  "Parameters" : {
    "ShouldCreateBucket" : {
      "Type" : "String",        
      "AllowedValues" : ["true", "false"],
      "Description" : "If true then the S3 bucket that will be proxied will be created with the CloudFormation stack."
    },  
    "BucketName" : {
        "Type" : "String",
        "Description" : "Name of S3 bucket that will be proxied. If left blank a new table will be created.",
        "MinLength" : "0"
    }
  },

  "Conditions" : {
    "CreateS3Bucket" : {"Fn::Equals" : [{"Ref" : "ShouldCreateBucket"}, "true"]},
    "BucketNameGenerated" : {"Fn::Equals" : [{"Ref" : "BucketName"}, ""]}
  },

  "Resources" : {

    "ProxyFunction" : {
      "Type" : "AWS::Serverless::Function",
      "Properties": {
        "Handler": "AWSServerless1::AWSServerless1.LambdaEntryPoint::FunctionHandlerAsync",
        "Runtime": "dotnetcore2.0",
        "CodeUri": "",
        "MemorySize": 256,
        "Timeout": 30,
        "Role": null,
        "Policies": [ "AWSLambdaFullAccess" ],
        "Environment" : {
          "Variables" : {
            "AppS3Bucket" : { "Fn::If" : ["CreateS3Bucket", {"Ref":"Bucket"}, { "Ref" : "BucketName" } ] }
          }
        },
        "Events": {
          "PutResource": {
            "Type": "Api",
            "Properties": {
              "Path": "/{proxy+}",
              "Method": "ANY"
            }
          }
        }
      }
    },

    "Bucket" : {
        "Type" : "AWS::S3::Bucket",
        "Condition" : "CreateS3Bucket",
        "Properties" : {
            "BucketName" : { "Fn::If" : ["BucketNameGenerated", {"Ref" : "AWS::NoValue" }, { "Ref" : "BucketName" } ] }
        }
    }
  },

  "Outputs" : {
    "S3ProxyBucket" : {
        "Value" : { "Fn::If" : ["CreateS3Bucket", {"Ref":"Bucket"}, { "Ref" : "BucketName" } ] }
    }
  }
}

All 24 comments

@TonyHenrique, it seems like the role your Lambda is running as doesn't have access to your database resources; since the role is null in your serverless template, it is generated randomly. You will need to go to IAM and change the policy to have access to MongoDB. Also ensure you are setting the Lambda to the right VPC.

I checked IAM and could not find a MongoDB option in services. Is there a blog post showing how to connect to MongoDB Atlas from AWS Lambda ASP.NET Core 2.0?

Or how can I edit this file to allow this outgoing connection?

@TonyHenrique Not sure on MongoDB (perhaps outbound internet connection), but essentially for Dynamo you would just give dynamoDb: * to access all resources for Dynamo.

At the moment the application data was already developed on MongoDB,
and needs to access port 27017 on *.mongodb.net

@TonyHenrique can you verify if the Lambda has an outbound internet connection and then perhaps look into the incoming traffic on to MongoDB?

I published the same project to Azure and it works.
On AWS it seems to be blocked by a firewall.

How do I enable addresses / ports on the firewall so I can connect to Mongo Atlas?

Are the lambda function and the mongo database hosted both in vpc or both in EC2 classic?

No. I published the ASP.NET Core app to AWS Lambda,
but the MongoDB is hosted on the Mongo Atlas service (https://www.mongodb.com/cloud/atlas)

So my ASP.NET app needs to access
port 27017 on *.mongodb.net

How can I edit my serverless.template to allow this outgoing connection?

Is your lambda in a vpc with no internet access? Can you do a get to www.google.com?

I never tried mongo atlas.

@TonyHenrique it looks like a connection string issue but I've asked a team member to confirm

@TonyHenrique I confirm it looks like a connection string issue. Where did you configure it in your code and more importantly, which value did you assign to it? (you should mask the auth credentials in that connection string if you plan to paste it here).

The "Unspecified/cluster0-shard-00-00-3lmjx.mongodb.net:27017" value is the red flag here so we'd have to know where your Lambda function is retrieving this info from. I'd suggest you ping me directly on Slack after you join our Community Slack Network at https://community-slack.mongodb.com

The connection string does not contain that "Unspecified".

It appears only in the AWS error. Also I know it is not a wrong connection string, because it works locally, and also on Azure. Only on AWS does this error appear.

The error is a timeout error. It looks like a firewall issue.

@TonyHenrique recommend you go onto the slack @rlondner mentioned or open a jira with MongoDB support https://jira.mongodb.org

Did you open the whitelist for your lambda connection in Atlas?

https://docs.atlas.mongodb.com/security-whitelist/

It is not a MongoDB issue; it works fine on Azure and locally.
The connection is only blocked when started from AWS Lambda.

I also checked MongoDB IP Whitelist:

0.0.0.0/0 (includes your current IP address)

@TonyHenrique def join the slack - we'll see if we can talk you through it.

I noticed in the Mongo DB docs that it says for the C# driver on .NET Core it can't connect to the free tier and a couple other cluster configurations in Linux. Lambda is a Linux environment so could that be the problem?

Closing for lack of activity

Was there ever a solution @normj @jaydestro ? I'm running into this issue right now.

Same here. Trying to run a lambda in AWS to connect via public IP to the free tier. Doesn't work. Looks like lambda is running my function on linux.

Yeah I'm getting this issue too. A fix would be nice :-)

Ditto here. Everything was working great on Atlas' Azure but when we migrated to Atlas' AWS this past weekend we are seeing this same issue happening.

Any resolution? Same thing here -- Azure works fine, but AWS returns:

502 Bad Gateway { "message": "Internal server error" }

And this particular api method does not use the database, so that's not an issue.

I was getting this error.

I realised the issue was because of no outbound traffic from lambda.

I modified it to be in the VPC that allowed outbound traffic and the connection to Mongo started working.
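
Added example, not part of the original thread or of the aws-lambda-dotnet project: the driver's 30-second server-selection timeout does not say which layer failed, so this C# probe, callable from a Lambda handler, reports the first stage that fails (DNS lookup, TCP connect to port 27017, TLS handshake). The names `AtlasProbe` and `ProbeAsync` and the result strings are hypothetical; pass one of the shard host names from your own connection string.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Threading.Tasks;

// Added illustration: AtlasProbe and its result strings are hypothetical names.
public static class AtlasProbe
{
    // Reports the first stage that fails: "dns", "tcp-timeout", "tcp-refused",
    // "tcp-error", "tls", or "ok" when all three stages succeed.
    public static async Task<string> ProbeAsync(string host, int port = 27017, int timeoutMs = 5000)
    {
        try
        {
            IPAddress[] addresses = await Dns.GetHostAddressesAsync(host);
            if (addresses.Length == 0) return "dns";
        }
        catch (SocketException) { return "dns"; }

        using (var client = new TcpClient())
        {
            Task connect = client.ConnectAsync(host, port);
            // No answer at all usually means dropped packets: no route or NAT, or an egress rule.
            if (await Task.WhenAny(connect, Task.Delay(timeoutMs)) != connect) return "tcp-timeout";
            try { await connect; }
            catch (SocketException e)
            {
                return e.SocketErrorCode == SocketError.ConnectionRefused ? "tcp-refused" : "tcp-error";
            }

            // TCP is open, so the network path works; now check the TLS layer.
            using (var tls = new SslStream(client.GetStream(), false))
            {
                try
                {
                    Task handshake = tls.AuthenticateAsClientAsync(host);
                    if (await Task.WhenAny(handshake, Task.Delay(timeoutMs)) != handshake) return "tls";
                    await handshake;
                }
                catch (Exception e) when (e is AuthenticationException || e is IOException) { return "tls"; }
            }
        }
        return "ok";
    }
}
```

A result of `tcp-timeout` points at the function's network placement (VPC subnets, routing, security-group egress), while `tls` or `ok` means the outbound path is open and the cause lies above the network layer.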

I had this issue in Azure and I solved it! I was using the free tier of MongoDB atlas.

Whitelist the IP by going to the console and typing: "curl -o output.txt icanhazip.com" then "cat output.txt". Add this entry to your Mongolabs IP address whitelist.
