如何将VPC内的AWS Lambda函数连接到DynamoDB等公共资源?
[英]How to connect AWS Lambda function inside a VPC to public resources like DynamoDB?
问题描述
I am trying to enable my VPC lambda function for ElasticCache to access DynamoDB. 
我正在尝试为ElasticCache启用我的VPC lambda函数以访问DynamoDB。 I know for this, I need to setup a NAT gateway. 我知道,我需要设置一个NAT网关。 However, I am not able to make it work. 但是,我无法使其工作。 My private subnet is in 172.31. 我的专用子网位于172.31。 . 。 range. 范围。
These are the steps I am following: 这些是我要执行的步骤:
- Create a public subnet with ip range in 10.0.0.0.
- Create a public VPC in the same IP range mentioned above.
- Create a public Internet gateway in the public VPC.
- Create a public route table, which is not the main route table and attach the public subnet to it.
- Create a NAT gateway in the public subnet.
Now I have 3 route table, two for my public subnets(10.0.0.0) and one existing for my private subnet(172.31.0.0) which is part of my private VPC. 现在,我有3个路由表,其中两个用于我的公共子网(10.0.0.0),一个用于我的私有子网(172.31.0.0),这是我的私有VPC的一部分。
My private route table has a route for 0.0.0.0/0 to my private Internet gateway. 我的专用路由表的路由为0.0.0.0/0到我的专用Internet网关。
I think I need to change this route to point to my public NAT gateway, however I am unable to do so as the private IP of my NAT lies in 10.0.0.0 range I guess. 我想我需要更改此路由以指向我的公共NAT网关,但是我做不到,因为我的NAT的私有IP在10.0.0.0范围内。 I am confused at this point on how to proceed. 关于这一点,我感到困惑。 I tried creating a NAT gateway in private subnet and forwarding the route to it but it doesn't work too. 我尝试在专用子网中创建NAT网关并将路由转发给它,但它也无法正常工作。 What as I missing out? 我错过了什么?
2 个解决方案
解决方案1
0 2016-08-20 18:18:56
Silly, but are you by any chance mixing up the default VPC (172.31...) and the VPC you created (10.0...) . 愚蠢,但是您是否有机会将默认VPC(172.31 ...)和您创建的VPC(10.0 ...)混在一起。 So, if you are seeing the route table for the default VPC's one, it is actually for the default subnet(s), which is public by the way! 因此,如果您看到默认VPC的路由表,则实际上是默认子网的路由表,顺便说一下!
解决方案2
0 已采纳 2016-08-23 22:41:14
The mistake i was making was creating two VPC, one for private subnet and one for public. 我犯的错误是创建两个VPC,一个用于私有子网,另一个用于公共子网。 AWS VPC cannot communicate with each other unless Peering is enabled. 除非启用对等,否则AWS VPC无法相互通信。
The notion of private and public subnet is ambiguous at first for a person from networking background. 起初,对于具有网络背景的人来说,专用和公用子网的概念是模棱两可的。 All it actually means, is the logical subnet which will be have resources accessible from internet(like web servers) and local resources like database server(which should be protected from internet). 它实际上意味着的是逻辑子网,该子网将具有可从Internet(如Web服务器)访问的资源以及诸如数据库服务器(应受到Internet保护)的本地资源。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.