Troubleshooting VPC endpoints. ACM.318 When you can’t access AWS… | by Teri Radichel | Cloud Security | September 2023


ACM.318 When you can’t access AWS services or your response time slows after deploying VPC endpoints and how to fix it

Part of my series on Automating Cybersecurity Metrics. Lambda. Network Security. GitHub Security. Container Security. Deploy a Static Website. The Code.


In the last article I explained how to use Secrets Manager in a private network with a VPC endpoint.

I got it working, but the response was too slow, and when I ran another Secrets Manager command it got even worse. It took about 10 minutes after adding three AWS CLI commands. Obviously something was wrong, but it still worked. What?

In this article, I thought I was just going to add GetSecretValue to my function, but it turns out I ran into a whole bunch of other problems along the way – and I’ll tell you what they are and how to solve them. As for network slowness, I think AWS could prevent this for customers, and I’ll tell you how.

What happened was that I added calls to a new service – STS – in my function. The AWS GetSecretValue method also requires KMS. I don’t know if this is also a factor here, but in this case there are three AWS service calls, and for local testing I also call the method to invoke the Lambda function, so four AWS service calls.

Then I blocked all public access as explained in this article, because there is a lot of junk traffic hitting my EC2 instance, and blocking it at the NACL level improves performance and reduces risk.
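A check worth running before blaming the SDK: list every AWS API the function touches (Secrets Manager, the KMS decrypt behind GetSecretValue, STS, and the Lambda invoke used for local testing) and compare it against the interface endpoints that actually exist in the VPC. Once public access is denied at the NACL, a call to a service with no endpoint is not refused; the packets are silently dropped, so the SDK sits through its connect timeout and retries before it fails. An endpoint that exists but has private DNS disabled behaves the same way, because the SDK's default hostname still resolves to the public IP. The script below is an added example, not code from the original article; the DescribeVpcEndpoints response, VPC ID, endpoint IDs and region are constructed to look like what `boto3.client("ec2").describe_vpc_endpoints()` returns, and the API-to-service map is an assumption about what the function calls.

```python
"""Endpoint coverage check for a function in a private subnet.

Added example, not the article author's code. The DescribeVpcEndpoints
response below is constructed to mirror the shape of the EC2 API output.
"""
from typing import Dict, Iterable

# Service identifier used in the endpoint ServiceName
# (com.amazonaws.<region>.<service>) for each API the function calls.
# This map is an assumption about the function's call graph.
API_TO_SERVICE: Dict[str, str] = {
    "secretsmanager:GetSecretValue": "secretsmanager",
    "kms:Decrypt": "kms",  # GetSecretValue decrypts with the secret's KMS key
    "sts:GetCallerIdentity": "sts",
    "lambda:InvokeFunction": "lambda",
}

# Constructed sample: Secrets Manager is covered, the KMS endpoint has
# private DNS switched off, and there is no endpoint for STS or Lambda.
# The S3 gateway endpoint is included to show it is handled differently.
SAMPLE_DESCRIBE_RESPONSE = {
    "VpcEndpoints": [
        {"VpcEndpointId": "vpce-0a1", "VpcId": "vpc-0ex",
         "VpcEndpointType": "Interface", "State": "available",
         "ServiceName": "com.amazonaws.us-east-2.secretsmanager",
         "PrivateDnsEnabled": True},
        {"VpcEndpointId": "vpce-0a2", "VpcId": "vpc-0ex",
         "VpcEndpointType": "Interface", "State": "available",
         "ServiceName": "com.amazonaws.us-east-2.kms",
         "PrivateDnsEnabled": False},
        {"VpcEndpointId": "vpce-0a3", "VpcId": "vpc-0ex",
         "VpcEndpointType": "Gateway", "State": "available",
         "ServiceName": "com.amazonaws.us-east-2.s3"},
    ]
}


def endpoint_status(response: dict, vpc_id: str, region: str) -> Dict[str, str]:
    """Map each service with an endpoint in this VPC and region to a status.

    'ok'              usable from the SDK's default hostname
    'not-available'   endpoint exists but is pending, failed, or deleting
    'private-dns-off' interface endpoint that default DNS will not route to
    Gateway endpoints (S3, DynamoDB) route via the subnet's route table, so
    they count as 'ok' whenever they are available.
    """
    prefix = f"com.amazonaws.{region}."
    status: Dict[str, str] = {}
    for ep in response["VpcEndpoints"]:
        if ep["VpcId"] != vpc_id or not ep["ServiceName"].startswith(prefix):
            continue
        service = ep["ServiceName"][len(prefix):]
        if ep["State"] != "available":
            status[service] = "not-available"
        elif ep["VpcEndpointType"] == "Interface" and not ep.get("PrivateDnsEnabled", False):
            status[service] = "private-dns-off"
        else:
            status[service] = "ok"
    return status


def find_gaps(apis_called: Iterable[str], status: Dict[str, str]) -> Dict[str, str]:
    """Return {api: problem} for every API whose service has no working endpoint.

    Unknown APIs fall back to the IAM service prefix ("kms:Decrypt" -> "kms").
    """
    gaps: Dict[str, str] = {}
    for api in apis_called:
        service = API_TO_SERVICE.get(api, api.split(":", 1)[0])
        reason = status.get(service, "missing")
        if reason != "ok":
            gaps[api] = reason
    return gaps


if __name__ == "__main__":
    status = endpoint_status(SAMPLE_DESCRIBE_RESPONSE, "vpc-0ex", "us-east-2")
    for api, reason in find_gaps(API_TO_SERVICE, status).items():
        print(f"{api}: {reason}")
```

On real infrastructure, replace `SAMPLE_DESCRIBE_RESPONSE` with the output of `describe_vpc_endpoints()` from boto3 and the map with the APIs your function actually calls. Two caveats apply to the services named above: the STS interface endpoint only serves regional STS calls, so an SDK still pointed at the global `sts.amazonaws.com` hostname will bypass it, and an endpoint reported as `private-dns-off` is only reachable if the client is configured with the endpoint-specific DNS name rather than the default one.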
