如何在专用 EC2 服务器上执行 Amazon Lambda 功能？

Question

I am currently developing the backend for my app based on Amazon Web Services. I pretended to use DynamoDB to store the user's data, but finally opted for MongoDB, which I have already installed in my EC2 instance.

I have some code written in Python to update/query... the DB, so that when a Cognito event triggers my lambda function, this code is directly executed on my instance so I can access my DB. Any ideas how can I accomplish this?

Answer 1

As mentioned by Gustavo Tavares , "the whole point of lambda is to run code without the need to deploy EC2 instances" . And you do not have to put your EC2 with database to "public" su.nets for Lambda to access them. Actually, you should never do that.

When creating/editing Lambda configuration you may select to run it in any of you VPCs (Configuration -> Advanced Settings -> VPC). Then select Su.net(s) to run your Lambda in. This will create ENIs (Elastic Network Interface) for the virtual machines you Lambdas will run on.

Your su.nets must have Routing/ACL configured to access the su.nets where Database resides. At least one of the SecurityGroups associated with Lambda must also have Outbound traffic allowed to the Database su.net on appropriate ports (27017).

Since you mentioned that your Lambdas are "back-end" then you should probably put them in the same "private" su.nets as your MongoDB and avoid any access/routing headache.

Answer 2

One way to accomplish this is to give the Lambda a SAM Template, then use sam local invoke inside of the EC2 instance to execute locally.

OK BUT WHY OH WHY WOULD ANYONE DO THIS?

If your Lambda requires access to both a VPC and the Inte.net, and doesn't use a lot of memory and doesn't really require scalability, and you already wrote the code (*) , it's actually 10x cheaper(**) and higher-performing to launch a t3.nano EC2 Spot Instance on a public su.net than to add a NAT Gateway to the Lambda function.

(*) if you have not written the code yet, don't even bother to make it a Lambda.

(**) 10x cheaper as in $3 vs $30, so this really only applies to hobbyist projects on a shoestring budget. Don't do this at work, because the cost of engineers' time to manage and maintain an EC2 instance will far exceed $30/month over the long term.

Answer 3

If you want Lambda to execute code on your ec2-instances you'll need to use the SDK for the language you're writing your lambda in. Then you can simply use the AWS API to run commands on your EC2 instance.

See: http://docs.aws.amazon.com/systems-manager/latest/userguide/run-command.html

Answer 4

I think you misunderstood the idea of AWS lambda.

The whole point of lambda is to run code without the need to deploy EC2 instances. You upload the code and the infrastructure is provisioned on the fly. If your application does not need the infrastructure anymore (after a brief period), it vanishes and you will not be charged for the idle time. If you need it again a new infrastructure is provisioned.

If you have a service, like your MongoDB, running in EC2 instances your lambda functions can access it like any other code. You just need configure your lambda code to connect to the EC2 instance, like you would be doing if your database were installed in any other inte.net faced server.

For example: You can put your MongoDB server in a public su.net of your VPC and assign an elastic IP for your server. In your Python lambda code you configure your driver to connect to this elastic IP and update the database.

It will work like every service were deployed in different servers across inte.net: Cognito connect to Lambda functions across inte.net and then the python code deployed in lambda connect to your MongoDB across inte.net.

If I can give you an advice, try DynamoDB a little more. With DynamoDB it will be even more simple to make all this work, because you will not need to configure a public su.net and request an elastic IP. And the API for DynamoDB is not very different of the MongDB API.