I use AWS Lambda to perform custom actions as Auto Scaling terminates instances. It looks like this:

```python
import boto3


def scaledown_handler(event, context):
    # custom actions
    client = boto3.client('autoscaling')
    # Signal Auto Scaling that the lifecycle hook is finished so termination can proceed
    response = client.complete_lifecycle_action(LifecycleHookName=event['detail']['LifecycleHookName'],
                                     LifecycleActionToken=event['detail']['LifecycleActionToken'],
                                     AutoScalingGroupName=event['detail']['AutoScalingGroupName'],
                                     LifecycleActionResult='CONTINUE',
                                     InstanceId=event['detail']['EC2InstanceId'])
```

The problem is that the function just hangs on client.complete_lifecycle_action() and ends with a timeout without any response, and my EC2 instances are always "Waiting for Terminate Lifecycle Action".

aws autoscaling complete-lifecycle-action in the AWS CLI works fine, but I need this to be done from AWS Lambda. How can I find out why complete_lifecycle_action() hangs without a response?

Vitalii Vitrenko
  • Did you place the Lambda function in a VPC? – Mark B Dec 26 '16 at 13:29
  • Yes, the Lambda is in the same VPC as my ec2 instances. – Vitalii Vitrenko Dec 26 '16 at 13:35
  • Do you actually need it to be in the VPC? If you don't have a NAT gateway in your VPC then the Lambda function won't have access to anything outside the VPC. The AWS API exists outside your VPC, so the Lambda function is getting a network timeout trying to access it. – Mark B Dec 26 '16 at 13:38
  • Look at the answers to these questions: http://stackoverflow.com/questions/38188532/why-aws-lambda-within-vpc-can-not-send-message-to-sns http://stackoverflow.com/questions/35423246/adding-aws-lambda-with-vpc-configuration-causes-timeout-when-accessing-s3 – Mark B Dec 26 '16 at 13:39
  • But as far as I know if I set no VPC for my Lambda it will be run securely inside a default system-managed VPC. My custom actions require connection to one of the ec2 instances and without VPC I cannot connect to it. – Vitalii Vitrenko Dec 26 '16 at 14:05
  • 1
    "But as far as I know if I set no VPC for my Lambda it will be run securely inside a default system-managed VPC" that's incorrect. And like I said, if you require VPC access then you will have to add a NAT gateway to your VPC. – Mark B Dec 26 '16 at 14:44
  • @MarkB Thanks a lot. I have added a NAT gateway and now it works perfectly. If you want, write a full answer and I will accept it. – Vitalii Vitrenko Dec 26 '16 at 18:24

2 Answers

If you don't have a NAT gateway in your VPC then the Lambda function won't have access to anything outside the VPC. The AWS API exists outside your VPC, so the Lambda function is getting a network timeout trying to access it.

You have to add a NAT Gateway to your VPC in order for Lambda functions (and other things in your VPC that don't have a public IP) to access anything outside the VPC.

Mark B
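
The condition described in the answer above (a Lambda subnet with no NAT route cannot reach the AWS API) can be checked from route-table data. This is an added example, not part of the original answers; the function names and the sample IDs are hypothetical, and the sample is constructed in the shape of the `RouteTables` list returned by EC2 `describe_route_tables`.

```python
# Constructed sample; live data would come from
# boto3.client("ec2").describe_route_tables(...)["RouteTables"]
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],  # local route only
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
                 "State": "active"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example",
                 "State": "active"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-nat"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example",
                 "State": "active"}]},
]


def route_table_for(subnet_id, route_tables):
    """Return the table explicitly associated with the subnet, else the VPC's main table."""
    main = None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def lambda_egress(subnet_id, route_tables):
    """Classify how a Lambda network interface in this subnet would reach the AWS API."""
    table = route_table_for(subnet_id, route_tables)
    if table is None:
        return "unknown"
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") == "blackhole":
            return "blackhole"   # route target (e.g. a deleted NAT gateway) is gone
        if route.get("NatGatewayId") or route.get("InstanceId"):
            return "nat"         # NAT gateway or NAT instance: API calls can leave the VPC
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw-only"    # usable only with a public IP, which the function lacks
    return "none"                # no default route: API calls hang until the timeout
```

Any result other than `"nat"` for a subnet in the function's VPC configuration matches the hang described in the question.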

You need to use the put_lifecycle_hook() API. http://www.callumpember.com/auto-scaling-lifecycle-hooks/ At this link, you can get the complete Python script for executing the custom actions before terminating the instance.