Inaccessible host error at ap-northeast-2 region while deploying

aws

#1

I successfully deployed and invoked the sample program in the us-east-1 region by following the quick start guide.

Then I tried to deploy the sample Lambda to the ap-northeast-2 region. I just changed the region field in serverless.yml from us-east-1 to ap-northeast-2.

The deploy fails with these error messages:

Serverless: Recoverable error occurred (Inaccessible host: `cloudformation.ap-northeast-2.amazonaws.com'. This service may not be available in the `ap-northeast-2' region.), sleeping for 5 seconds. Try 1 of 4
Serverless: Recoverable error occurred (Inaccessible host: `cloudformation.ap-northeast-2.amazonaws.com'. This service may not be available in the `ap-northeast-2' region.), sleeping for 5 seconds. Try 2 of 4
Serverless: Recoverable error occurred (Inaccessible host: `cloudformation.ap-northeast-2.amazonaws.com'. This service may not be available in the `ap-northeast-2' region.), sleeping for 5 seconds. Try 3 of 4
Serverless: Recoverable error occurred (Inaccessible host: `cloudformation.ap-northeast-2.amazonaws.com'. This service may not be available in the `ap-northeast-2' region.), sleeping for 5 seconds. Try 4 of 4
 
  Serverless Error ---------------------------------------
 
  ServerlessError: Inaccessible host: `cloudformation.ap-northeast-2.amazonaws.com'. This service may not be available in the `ap-northeast-2' region.

I have been using many AWS services in the ap-northeast-2 region, so I think I do have the right to use any service in the ap-northeast-2 region.


#2

I found that the error is caused by the VPC.
Since I use a VPC in ap-northeast-2, by setting the VPC, security group, and subnet in the AWS Lambda console, I was able to run the deployed sample program.

Now I am trying to set that information in serverless.yml.


#3

I added role and vpc to serverless.yml, but I am experiencing the same error.

provider:
  name: aws
  runtime: nodejs6.10
  role: arn:aws:iam::888888273532:role/service-role/myRole
  vpc:
    securityGroupIds:
      - sg-88748888
    subnetIds:
      - subnet-88827888
      - subnet-88835888
  stage: dev
  region: ap-northeast-2

#4

Problem solved. I created a new IAM role with AWSLambdaVPCAccessExecutionRole and specified this new role in serverless.yml. Then I was able to deploy successfully.

Although the IAM role I used before also had AWSLambdaVPCAccessExecutionRole, I was not able to deploy with that.

If anybody faces this issue, I recommend creating a new IAM role by referencing https://docs.aws.amazon.com/lambda/latest/dg/vpc-ec-create-iam-role.html
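
Added example, not part of the original posts: an offline check of the two things a Lambda execution role needs for VPC use, a trust policy for lambda.amazonaws.com and the network-interface permissions that AWSLambdaVPCAccessExecutionRole grants, which can be run against an old and a new role side by side. The function names and the sample policy documents are constructed for illustration; real input would be the role's exported trust and permission policy JSON.

```python
import fnmatch

# Network-interface (ENI) permissions Lambda needs to attach a function to a VPC;
# the AWSLambdaVPCAccessExecutionRole managed policy grants these.
VPC_ACTIONS = ("ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces",
               "ec2:DeleteNetworkInterface")

def _as_list(value):
    """IAM lets Statement, Action and Service be a single item or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _allow_statements(doc):
    return [s for s in _as_list(doc.get("Statement")) if s.get("Effect") == "Allow"]

def _matches(action, patterns):
    """IAM action names are case-insensitive and may use * and ? wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def trusts_lambda(trust_doc):
    """True if the trust policy lets lambda.amazonaws.com assume the role."""
    for st in _allow_statements(trust_doc):
        principal = st.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if "lambda.amazonaws.com" in services and _matches("sts:AssumeRole", _as_list(st.get("Action"))):
            return True
    return False

def missing_vpc_actions(policy_docs):
    """ENI actions that no Allow statement grants.
    Simplification: Deny statements, Resource and Condition are not evaluated."""
    granted = [a for doc in policy_docs for st in _allow_statements(doc)
               for a in _as_list(st.get("Action"))]
    return [req for req in VPC_ACTIONS if not _matches(req, granted)]

# Constructed sample documents (not taken from the thread).
GOOD_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                             "Principal": {"Service": "lambda.amazonaws.com"}}]}
BAD_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                            "Principal": {"Service": "ec2.amazonaws.com"}}]}
FULL_POLICY = {"Statement": [{"Effect": "Allow", "Resource": "*",
                              "Action": ["logs:*", "ec2:*NetworkInterface*"]}]}
PARTIAL_POLICY = {"Statement": {"Effect": "Allow", "Resource": "*",
                                "Action": "ec2:CreateNetworkInterface"}}

if __name__ == "__main__":
    for name, trust, policy in (("good", GOOD_TRUST, FULL_POLICY), ("bad", BAD_TRUST, PARTIAL_POLICY)):
        print(name, "trusts lambda:", trusts_lambda(trust), "missing:", missing_vpc_actions([policy]))
```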