cyberark / cyberark-aws-auto-onboarding

Solutions for automatically detecting, managing and securing privileged accounts in AWS EC2
Apache License 2.0

What is the time to deploy on the Lambda with no NAT Gateway needed? #9

Open infamousjoeg opened 5 years ago

infamousjoeg commented 5 years ago

I'm deploying this AWS Lambda and it keeps stalling at the same point.

This is as far as I can get before it just stops... no errors or failure... just stops.

Date Status Type Logical ID Status Reason
14:25:57 UTC-0400 CREATE_COMPLETE AWS::DynamoDB::Table DynamoDBTableInstances  
14:25:54 UTC-0400 CREATE_IN_PROGRESS AWS::CloudFormation::CustomResource CreateSafe  
14:25:52 UTC-0400 CREATE_COMPLETE AWS::Lambda::Function ElasticityLambda  
14:25:52 UTC-0400 CREATE_IN_PROGRESS AWS::Lambda::Function ElasticityLambda Resource creation Initiated
14:25:51 UTC-0400 CREATE_COMPLETE AWS::Lambda::Function SafeHandlerLambda  
14:25:51 UTC-0400 CREATE_IN_PROGRESS AWS::Lambda::Function SafeHandlerLambda Resource creation Initiated
14:25:50 UTC-0400 CREATE_IN_PROGRESS AWS::Lambda::Function SafeHandlerLambda  
14:25:50 UTC-0400 CREATE_IN_PROGRESS AWS::Lambda::Function ElasticityLambda  
14:25:47 UTC-0400 CREATE_COMPLETE AWS::IAM::Policy LambdaS3BucketPolicy  
14:25:47 UTC-0400 CREATE_COMPLETE AWS::IAM::Role ElasticityLambdaRole  
14:25:46 UTC-0400 CREATE_COMPLETE AWS::IAM::Role SafeHandlerLambdaRole  
14:25:43 UTC-0400 CREATE_COMPLETE AWS::Lambda::Function TrustMechanismLambda  
14:25:43 UTC-0400 CREATE_IN_PROGRESS AWS::Lambda::Function TrustMechanismLambda Resource creation Initiated
14:25:42 UTC-0400 CREATE_IN_PROGRESS AWS::IAM::Policy LambdaS3BucketPolicy Resource creation Initiated
14:25:41 UTC-0400 CREATE_IN_PROGRESS AWS::Lambda::Function TrustMechanismLambda  
14:25:41 UTC-0400 CREATE_IN_PROGRESS AWS::IAM::Policy LambdaS3BucketPolicy  
14:25:38 UTC-0400 CREATE_COMPLETE AWS::IAM::Role LambdaS3BucketRole  
14:25:38 UTC-0400 CREATE_COMPLETE AWS::IAM::Role TrustMechanismLambdaRole  
14:25:36 UTC-0400 CREATE_COMPLETE AWS::EC2::SecurityGroupIngress SecurityGroupPVWAIngress  
14:25:36 UTC-0400 CREATE_IN_PROGRESS AWS::EC2::SecurityGroupIngress SecurityGroupPVWAIngress Resource creation Initiated
14:25:35 UTC-0400 CREATE_IN_PROGRESS AWS::IAM::Role ElasticityLambdaRole Resource creation Initiated
14:25:35 UTC-0400 CREATE_COMPLETE AWS::EC2::SecurityGroupEgress EgressAccessHTTPS  
14:25:35 UTC-0400 CREATE_IN_PROGRESS AWS::IAM::Role ElasticityLambdaRole  
14:25:35 UTC-0400 CREATE_IN_PROGRESS AWS::IAM::Role SafeHandlerLambdaRole Resource creation Initiated
14:25:34 UTC-0400 CREATE_IN_PROGRESS AWS::IAM::Role SafeHandlerLambdaRole  
14:25:34 UTC-0400 CREATE_IN_PROGRESS AWS::EC2::SecurityGroupEgress EgressAccessHTTPS Resource creation Initiated
14:25:34 UTC-0400 CREATE_IN_PROGRESS AWS::EC2::SecurityGroupIngress SecurityGroupPVWAIngress  
14:25:33 UTC-0400 CREATE_IN_PROGRESS AWS::EC2::SecurityGroupEgress EgressAccessHTTPS  
14:25:32 UTC-0400 CREATE_COMPLETE AWS::SSM::Parameter ParameterPVWA  
14:25:32 UTC-0400 CREATE_COMPLETE AWS::IAM::ManagedPolicy ElasticityLambdaPolicy  
14:25:32 UTC-0400 CREATE_IN_PROGRESS AWS::SSM::Parameter ParameterPVWA Resource creation Initiated
14:25:32 UTC-0400 CREATE_COMPLETE AWS::IAM::ManagedPolicy SafehandlingLambdaPolicy  
14:25:31 UTC-0400 CREATE_COMPLETE AWS::EC2::SecurityGroup ElasticityLambdaSecurityGroup  
14:25:31 UTC-0400 CREATE_COMPLETE AWS::EC2::SecurityGroup TrustMechanismSecurityGroup  
14:25:30 UTC-0400 CREATE_IN_PROGRESS AWS::EC2::SecurityGroup TrustMechanismSecurityGroup Resource creation Initiated
14:25:30 UTC-0400 CREATE_IN_PROGRESS AWS::EC2::SecurityGroup ElasticityLambdaSecurityGroup Resource creation Initiated
14:25:30 UTC-0400 CREATE_IN_PROGRESS AWS::SSM::Parameter ParameterPVWA  
14:25:29 UTC-0400 CREATE_COMPLETE AWS::SSM::Parameter ParameterUsername  
14:25:29 UTC-0400 CREATE_IN_PROGRESS AWS::SSM::Parameter ParameterUsername Resource creation Initiated
14:25:28 UTC-0400 CREATE_COMPLETE AWS::SSM::Parameter ParameterWindowsAccountsSafe  
14:25:28 UTC-0400 CREATE_COMPLETE AWS::SSM::Parameter ParameterAWSKeyPairSafe  
14:25:28 UTC-0400 CREATE_COMPLETE AWS::SSM::Parameter ParameterUnixAccountsSafe  
14:25:28 UTC-0400 CREATE_IN_PROGRESS AWS::SSM::Parameter ParameterAWSKeyPairSafe Resource creation Initiated
14:25:28 UTC-0400 CREATE_IN_PROGRESS AWS::SSM::Parameter ParameterWindowsAccountsSafe Resource creation Initiated
14:25:28 UTC-0400 CREATE_IN_PROGRESS AWS::SSM::Parameter ParameterUnixAccountsSafe Resource creation Initiated
14:25:27 UTC-0400 CREATE_IN_PROGRESS AWS::IAM::ManagedPolicy ElasticityLambdaPolicy Resource creation Initiated
14:25:27 UTC-0400 CREATE_IN_PROGRESS AWS::IAM::ManagedPolicy ElasticityLambdaPolicy  
14:25:27 UTC-0400 CREATE_IN_PROGRESS AWS::IAM::Role LambdaS3BucketRole Resource creation Initiated
14:25:27 UTC-0400 CREATE_IN_PROGRESS AWS::IAM::ManagedPolicy SafehandlingLambdaPolicy Resource creation Initiated
14:25:26 UTC-0400 CREATE_IN_PROGRESS AWS::DynamoDB::Table DynamoDBTableInstances Resource creation Initiated
14:25:26 UTC-0400 CREATE_IN_PROGRESS AWS::IAM::Role LambdaS3BucketRole  
14:25:26 UTC-0400 CREATE_IN_PROGRESS AWS::IAM::ManagedPolicy SafehandlingLambdaPolicy  
14:25:26 UTC-0400 CREATE_IN_PROGRESS AWS::SSM::Parameter ParameterUnixAccountsSafe  
14:25:26 UTC-0400 CREATE_IN_PROGRESS AWS::IAM::Role TrustMechanismLambdaRole Resource creation Initiated
14:25:26 UTC-0400 CREATE_IN_PROGRESS AWS::SSM::Parameter ParameterWindowsAccountsSafe  
14:25:26 UTC-0400 CREATE_IN_PROGRESS AWS::DynamoDB::Table DynamoDBTableInstances  
14:25:26 UTC-0400 CREATE_IN_PROGRESS AWS::SSM::Parameter ParameterUsername  
14:25:26 UTC-0400 CREATE_IN_PROGRESS AWS::SSM::Parameter ParameterAWSKeyPairSafe  
14:25:26 UTC-0400 CREATE_IN_PROGRESS AWS::IAM::Role TrustMechanismLambdaRole  
14:25:26 UTC-0400 CREATE_IN_PROGRESS AWS::EC2::SecurityGroup TrustMechanismSecurityGroup  
14:25:25 UTC-0400 CREATE_IN_PROGRESS AWS::EC2::SecurityGroup ElasticityLambdaSecurityGroup  
14:25:16 UTC-0400 CREATE_IN_PROGRESS AWS::CloudFormation::Stack cybr-lambda-deploy-3 User Initiated

infamousjoeg commented 5 years ago

Finally received a failure -- here it is. Confirmed the VPC can communicate with PVWA and the Security Group being used has ALL TRAFFIC open outbound.

15:26:21 UTC-0400 | CREATE_FAILED | AWS::CloudFormation::CustomResource | CreateSafe | Custom Resource failed to stabilize in expected time

infamousjoeg commented 4 years ago

The resolution was that NAT Gateway was required. There is no way around this I could find.
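
Added example, not part of the original issue or the project's code: a small parser for stack event lines in the format pasted in the first comment, reporting every resource whose most recent event is still non-terminal, which is how `CreateSafe` shows up as the stall point. The sample is a constructed subset of those lines, and the function names are hypothetical.

```python
# Find resources that started but never reached a terminal status in a
# CloudFormation event listing pasted newest-first (as in the issue above).

TERMINAL_SUFFIXES = ("_COMPLETE", "_FAILED")

# Constructed sample: a subset of the event lines from the issue, newest first.
SAMPLE_EVENTS = """\
Date Status Type Logical ID Status Reason
14:25:57 UTC-0400 CREATE_COMPLETE AWS::DynamoDB::Table DynamoDBTableInstances
14:25:54 UTC-0400 CREATE_IN_PROGRESS AWS::CloudFormation::CustomResource CreateSafe
14:25:52 UTC-0400 CREATE_COMPLETE AWS::Lambda::Function ElasticityLambda
14:25:52 UTC-0400 CREATE_IN_PROGRESS AWS::Lambda::Function ElasticityLambda Resource creation Initiated
14:25:51 UTC-0400 CREATE_COMPLETE AWS::Lambda::Function SafeHandlerLambda
14:25:50 UTC-0400 CREATE_IN_PROGRESS AWS::Lambda::Function SafeHandlerLambda
14:25:26 UTC-0400 CREATE_IN_PROGRESS AWS::DynamoDB::Table DynamoDBTableInstances
14:25:16 UTC-0400 CREATE_IN_PROGRESS AWS::CloudFormation::Stack cybr-lambda-deploy-3 User Initiated
"""


def parse_events(text):
    """Return event dicts in the order they appear in the listing."""
    events = []
    for line in text.splitlines():
        parts = line.split(None, 5)
        # Skip the header row, blank lines and anything that is not an event.
        if len(parts) < 5 or not parts[3].startswith("AWS::"):
            continue
        events.append({
            "time": parts[0],
            "status": parts[2],
            "type": parts[3],
            "logical_id": parts[4],
            "reason": parts[5].strip() if len(parts) > 5 else "",
        })
    return events


def stalled_resources(text):
    """Resources whose latest event is non-terminal, oldest first."""
    latest = {}
    # The listing is newest-first and several events share one second, so rely
    # on line order, not timestamps: walk oldest-first and let later win.
    for event in reversed(parse_events(text)):
        latest[event["logical_id"]] = event
    return [
        (e["logical_id"], e["type"], e["time"])
        for e in latest.values()
        if e["type"] != "AWS::CloudFormation::Stack"  # the stack itself is expected to be in progress
        and not e["status"].endswith(TERMINAL_SUFFIXES)
    ]
```
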