如何在AWS Lambda中运行AWS开发工具包Opsworks命令？

Question

I've got a very simple lambda function trying to use the AWS SDK to call opsworks.describeInstances. The code executes locally fine, however inside lambda, it times out with no error or feedback.

var AWS = require('aws-sdk');
var opsworks = new AWS.OpsWorks({
    apiVersion: 'latest',
    region: "us-east-1"
});
exports.handler = function(event, context, callback) {
    var params = {
        LayerId: 'idoflayer'
    };
    opsworks.describeInstances(params, function(err, data) {
        if (err) {
            return callback(err);
        }
        callback(null, data);
    });
};

The lambda policy is:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "opsworks:CreateDeployment",
                "opsworks:DescribeDeployments",
                "opsworks:DescribeLayers",
                "opsworks:DescribeInstances"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

I've increased both memory and timeout. The logs only show that function is being called, no output. The monitoring of the lambda function shows Invocation errors, but I think this is just due to the timeout. I'm running this in us-west-2, but I've also tried running it in us-east-1, same result.

Any ideas? I'd love to use lambda to monitor and manage OpsWorks.

Answer 1

To solve, I just removed the custom VPC settings, since the function was only trying to access the AWS Opsworks API. Also noticed this inside the documentation:

When you enable VPC, your Lambda function will lose default internet access. If you require external internet access for your function, ensure that your security group allows outbound connections and that your VPC has a NAT gateway.

Since Lambda bundles the SDK to be available inside functions and access is determined by IAM policies, it is a little confusing that you still need external access to the internet to use the API.