⚠️ Critical Issue: Intermittent Timeouts on `api-data.line.me` from AWS Lambda

[evan-hitobito]

System Information

• Python version: 3.9+
• SDK version: line-bot-sdk-python v3.x
• Environment: AWS Lambda (Amazon Linux 2 / Amazon Linux 2023)
• Region: Confirmed in ap-northeast-1, potentially others.

Expected Behavior

The set_rich_menu_image method should successfully upload binary data to the LINE Data API within a standard request timeout (usually < 5s), matching the reliability of the standard Messaging API.

Current Behavior

While JSON-based calls to api.line.me work flawlessly, binary uploads to api-data.line.me frequently hang indefinitely until the Lambda execution environment times out. This suggests a network-level bottleneck or IP-based filtering specifically targeting the data-heavy endpoint.

Endpoint	Purpose	Status in Lambda
api.line.me	Messaging / Profiling (JSON)	✅ Stable
api-data.line.me	Rich Menu Image Upload (Binary)	❌ Hangs / Timeouts

Steps to Reproduce

1. Initialize MessagingApiDataApi in an AWS Lambda function.
2. Call set_rich_menu_image with a standard valid PNG/JPEG (e.g., 800KB).
3. Set Lambda timeout to 30s+.
4. Result: The function logs a timeout error or ConnectTimeoutError despite the image size being well within limits.

External References:

• [AWS Repost: Timeout calling LINE upload rich menu image](https://repost.aws/questions/QUexr8RXvTTSeVmHyYTafswg/timeout-call-api-line-upload-rich-menu-image)

Logs

[ERROR] Runtime.ExitError: Client.Timeout exceeded while awaiting headers
- OR -
[ERROR] urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api-data.line.me', port=443): 
Max retries exceeded with url: /v2/bot/richmenu/xxx/content (Caused by ConnectTimeoutError)

Potential Root Cause: IP Throttling / WAF Filtering

There is significant evidence suggesting that AWS Lambda public egress IP ranges are being throttled or flagged by LINE's ingress security layers (WAF/DDoS protection) specifically for the api-data.line.me domain.

1. Behavioral Analysis: The connection "hangs" without a 403 Forbidden or 429 Too Many Requests. This usually indicates packet dropping or extreme rate-limiting at the firewall level before the application layer is reached.
2. Infrastructure Conflict: Because Lambda uses a shared pool of public IPs, a "noisy neighbor" on AWS might have triggered a block that is now affecting the entire Lambda IP range for this data-intensive endpoint.

Requested Action for LINE Developers

• Security Audit: Please verify with your infrastructure team if AWS Lambda IP ranges (particularly for ap-northeast-1) are being subjected to aggressive filtering on api-data.line.me.
• MTU Discovery: Verify if there are specific Path MTU Discovery issues on the Data API that might cause large binary packets to be dropped when coming from AWS infrastructure.
• Documentation: If this is a known limitation, please update the [Messaging API Documentation](https://www.google.com/search?q=https://developers.line.biz/en/docs/messaging-api/using-rich-menus/%23upload-rich-menu-image) to advise on using a Static NAT Gateway for stable binary uploads.

[eucyt]

@evan-hitobito
Thank you for your report.
We sincerely apologize for the inconvenience caused.

This issue may have been related to an outage on our side.
https://api.line-status.info/incidents/vd9kpttwbq2j

The outage has now been resolved, so could you please confirm whether the problem is still occurring on your end?

Thank you for your cooperation.