
AWS Lambda can't reach resources created from MobileHub

I am having an issue accessing resources created in MobileHub from Lambda, and that does not make sense to me at all. I have two questions (maybe it is the same question):

  1. Why can't Lambda access all resources created by MobileHub when it has full-access permissions to those specific resources? I mean, if I create those resources separately I can access them, but not the ones created from MobileHub.

  2. Is there a way to grant access to these resources, or am I missing something?

Update

The issue was the VPC. Basically, when I enabled VPC on the Lambdas to reach RDS, which has no public access, I couldn't reach any other resources; when I disabled it, RDS was unreachable. The question is how to combine VPC with role policies?

You can find the resources associated with your project using the left-side navigation in the Mobile Hub console and select "Resources." If you want to enable your AWS Lambda functions to be able to make use of any AWS resources, then you'll need to add an appropriate IAM Policy to the Lambda Execute IAM Role. You can find this role in your project on the "Resources" page under "AWS Identity and Access Management Roles." It is the role that has "lambdaexecutionrole" in the name. Select this role then attach whatever policies you like in the IAM (Identity and Access Management) console.

For more information on how to attach roles to policies, see:
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_modify.html

And, if you have further problems, you can get help from the AWS community in the forums, here:
https://forums.aws.amazon.com/forum.jspa?forumID=88


**Update - WRT VPC Question**
This question should really go to an expert on the AWS Lambda team. You can reach them in the AWS Forums (link above). However, I'll take a shot at answering (AWS Lambda experts feel free to chime in if I'm wrong here). When you set the VPC on the Lambda function, I expect that any network traffic coming from your Lambda function will have the same routing and domain name resolution behavior as anything else in your VPC. So, if your VPC has firewall rules which prevent traffic from the VPC to, for example, DynamoDB, then you won't be able to reach it. If that is the case, then you would need to update those rules in your VPC's security group(s) to open up out-going traffic. Here's a blurb from a relevant document.

From https://aws.amazon.com/vpc/details/:
*AWS resources such as Elastic Load Balancing, Amazon ElastiCache, Amazon RDS, and Amazon Redshift are provisioned with IP addresses within your VPC. Other AWS resources such as Amazon S3 and Amazon DynamoDB are accessible via your VPC's Internet Gateway, NAT gateways, VPC Endpoints, or Virtual Private Gateway.*

This doc seems to explain how to configure the gateway approach:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html
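The answer above boils the VPC symptom down to two things: the function's security group must allow outbound traffic, and the function's subnet must have a route to the service (a gateway VPC endpoint or a NAT gateway). The following is an added example, not code from the question or answer, that checks both conditions offline against constructed, simplified stand-ins for the EC2 route-table and security-group descriptions; the subnet, route and group identifiers are hypothetical.

```python
# Offline reachability check for a VPC-attached Lambda (constructed inputs stand in for EC2 describe-* output)
def egress_allows_https(sg: dict) -> bool:
    """True if any outbound rule of the security group covers TCP/443 (what DynamoDB/S3 use)."""
    for rule in sg["egress"]:
        if rule["protocol"] == "-1":  # all traffic
            return True
        if rule["protocol"] == "tcp" and rule["from_port"] <= 443 <= rule["to_port"]:
            return True
    return False

def service_path(subnet_id: str, route_tables: list, service: str) -> str:
    """How a subnet reaches a public AWS service: vpc-endpoint, nat-gateway, igw-only or none."""
    for rt in route_tables:
        if subnet_id not in rt["subnets"]:
            continue
        for route in rt["routes"]:
            # Gateway endpoint: destination is the service prefix list, target is a vpce-* id
            if route["target"].startswith("vpce-") and route["destination"] == f"pl:{service}":
                return "vpc-endpoint"
            if route["destination"] == "0.0.0.0/0":
                if route["target"].startswith("nat-"):
                    return "nat-gateway"
                if route["target"].startswith("igw-"):
                    return "igw-only"  # Lambda ENIs have no public IP, so an IGW alone gives no egress
    return "none"

def diagnose(lambda_cfg: dict, route_tables: list, sgs: dict, service: str) -> list:
    """Findings for one Lambda VPC config; an empty list means the service is reachable."""
    findings = []
    if not any(egress_allows_https(sgs[s]) for s in lambda_cfg["security_groups"]):
        findings.append("security group blocks outbound TCP/443")
    for subnet in lambda_cfg["subnets"]:
        path = service_path(subnet, route_tables, service)
        if path in ("none", "igw-only"):
            findings.append(f"{subnet}: no NAT gateway or VPC endpoint route to {service} ({path})")
    return findings

# Constructed sample: the broken setup from the question (private subnet, RDS-only egress) beside a fixed one.
ROUTE_TABLES = [
    {"subnets": ["subnet-private"], "routes": [{"destination": "10.0.0.0/16", "target": "local"}]},
    {"subnets": ["subnet-fixed"], "routes": [{"destination": "10.0.0.0/16", "target": "local"},
                                            {"destination": "pl:dynamodb", "target": "vpce-ddb"},
                                            {"destination": "0.0.0.0/0", "target": "nat-1"}]},
]
SGS = {"sg-rds-only": {"egress": [{"protocol": "tcp", "from_port": 3306, "to_port": 3306}]},
       "sg-fixed": {"egress": [{"protocol": "-1"}]}}
BROKEN = {"subnets": ["subnet-private"], "security_groups": ["sg-rds-only"]}
FIXED = {"subnets": ["subnet-fixed"], "security_groups": ["sg-fixed"]}
print(diagnose(BROKEN, ROUTE_TABLES, SGS, "dynamodb"), diagnose(FIXED, ROUTE_TABLES, SGS, "dynamodb"))
```

The IAM policy on the execution role is a separate, additive requirement: a correct role with no network path still fails, and a working network path with no policy still gets AccessDenied.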
