
Lambda function timeout on external call

I have a Lambda function from which I need to make an external API call. I have added the Lambda function to a security group, a VPC, and 2 subnets, and it gives me this text:

"When you enable VPC, your Lambda function will lose default internet access. If you require external internet access for your function, ensure that your security group allows outbound connections and that your VPC has a NAT gateway."

I go into VPC, create a NAT gateway (I let AWS create an EIP), attach it to one of the subnets on my Lambda function.

For debugging purposes, my security group outbound functions are set to all traffic/all destinations (0.0.0.0/0). Also my Network ACL for this VPC is set to this (with 5 subnets, including the one with the NAT gateway):

100 | ALL Traffic | ALL | ALL | 0.0.0.0/0 | ALLOW

A route table with the same 2 subnets is on the VPC, with the 0.0.0.0/0 route set to target the NAT gateway.

A different route table with 3 other subnets is also on the VPC, with the 0.0.0.0/0 route set to target the internet gateway.

Both route tables have the same local destination IP (the IP for the VPC).

The error I get is:

{ Error: connect ETIMEDOUT x.x.x.x:443
at Object.exports._errnoException (util.js:1018:11)
at exports._exceptionWithHostPort (util.js:1041:20)
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1090:14)
code: 'ETIMEDOUT',
errno: 'ETIMEDOUT',
syscall: 'connect',
address: 'x.x.x.x',
port: 443 }

The Node code I am running works on my desktop Node environment, and the POST call works in Postman, so I am fairly certain this is a problem with my AWS config.

I have been using this scenario as a resource: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html

"I go into VPC, create a NAT gateway (I let AWS create an EIP), attach it to one of the subnets on my Lambda function."

That is where you went wrong.

The NAT Gateway must not be attached to any of the subnets it serves. The NAT Gateway must be on a public subnet with a default route to the Internet Gateway.

A NAT Gateway's default route follows the default route of the route table of the subnet to which it is attached, to reach the Internet. If it's associated with a subnet that needs a NAT Gateway, its default route loops back on itself.

Then, all subnets associated with Lambda need to use a route table whose default route points to the NAT Gateway.
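The two routing rules from the answer above, written as a check over route-table data. This is an added example, not part of the original question or answer. The helper names and all IDs are hypothetical, and the sample data is constructed using field names from the EC2 DescribeRouteTables and DescribeNatGateways responses.

```javascript
// Constructed sample data (all IDs made up), using field names from the EC2
// DescribeRouteTables and DescribeNatGateways responses.
const routeTables = [
  { RouteTableId: 'rtb-private',
    Associations: [{ SubnetId: 'subnet-a' }, { SubnetId: 'subnet-b' }],
    Routes: [{ DestinationCidrBlock: '0.0.0.0/0', NatGatewayId: 'nat-1' }] },
  { RouteTableId: 'rtb-public',
    Associations: [{ SubnetId: 'subnet-c' }, { SubnetId: 'subnet-d' }, { SubnetId: 'subnet-e' }],
    Routes: [{ DestinationCidrBlock: '0.0.0.0/0', GatewayId: 'igw-1' }] },
];
const lambdaSubnets = ['subnet-a', 'subnet-b'];
const asAsked = [{ NatGatewayId: 'nat-1', SubnetId: 'subnet-a' }]; // NAT in a Lambda subnet
const asFixed = [{ NatGatewayId: 'nat-1', SubnetId: 'subnet-c' }]; // NAT in a public subnet

// Default route that applies to a subnet: its explicitly associated route
// table, otherwise the VPC's main route table.
function defaultRoute(subnetId, tables) {
  const has = (t, pred) => (t.Associations || []).some(pred);
  const table = tables.find(t => has(t, a => a.SubnetId === subnetId)) ||
                tables.find(t => has(t, a => a.Main));
  if (!table) return null;
  return (table.Routes || []).find(r => r.DestinationCidrBlock === '0.0.0.0/0') || null;
}

// Hypothetical helper: returns a list of findings, empty when routing is sound.
function checkLambdaEgress(subnets, natGateways, tables) {
  const findings = [];
  for (const nat of natGateways) {
    const route = defaultRoute(nat.SubnetId, tables);
    // The NAT gateway's own subnet must send 0.0.0.0/0 to an internet gateway.
    if (!route || !String(route.GatewayId || '').startsWith('igw-')) {
      findings.push(`${nat.NatGatewayId}: subnet ${nat.SubnetId} has no default route to an internet gateway`);
    }
  }
  const natIds = new Set(natGateways.map(n => n.NatGatewayId));
  for (const subnet of subnets) {
    const route = defaultRoute(subnet, tables);
    // Every Lambda subnet must send 0.0.0.0/0 to a NAT gateway.
    if (!route || !natIds.has(route.NatGatewayId)) {
      findings.push(`${subnet}: no default route to a NAT gateway`);
    }
  }
  return findings;
}

console.log(checkLambdaEgress(lambdaSubnets, asAsked, routeTables)); // layout from the question
console.log(checkLambdaEgress(lambdaSubnets, asFixed, routeTables)); // layout from the answer
```

The first call reports the NAT gateway sitting in a subnet whose default route points back at the NAT gateway; the second returns no findings.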
