Invoke an AWS lambda across regions

I have three lambda functions: boss, worker1, worker2. When using boto3.client.invoke I am able to call worker1 from boss. These two are in the same region. worker2 is in a separate region. When attempting to call worker2 from boss the following error returns:

"An error occurred (ResourceNotFoundException) when calling the Invoke operation: Functions from 'us-east-1' are not reachable in this region ('us-west-2')".

boss has an execution role with the following permission:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "lambda:InvokeFunction"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:lambda:*:*:*"
        }
    ]
}

Please help clarify how permissions need to be conveyed for this to work. Thanks

Edit: master and worker1 are in us-west-2 and worker1 is in us-east-1.
Here is the code used to invoke worker from master:

import json

import boto3


def lambda_handler(event, context):
    function_name = "arn:aws:lambda:us-east-1-...:function:worker_2"
    # No region_name is given, so the client targets this Lambda's own region
    lambda_client = boto3.client('lambda')
    payload = json.dumps({"body-json": "payload string"})
    response = lambda_client.invoke(
        FunctionName=function_name,
        Payload=payload
    )
    # The response payload is a stream; read it before decoding the JSON
    response_payload = response['Payload'].read()
    response_arr = json.loads(response_payload)
    return response_arr['answer']

Thank you everyone for the input. @Michael-sqlbot's comment about the AWS client library defaulting to sending requests to the local region is what helped me find the solution. For Python, the library is boto3. Having read the docs it was not clear how to set the region. It was this blog post that provided the (simple) answer:

client = boto3.client('lambda', region_name='us-west-2')

You are right Michael that the use case for one lambda to another between regions is convoluted. I'll leave this answer here in case any others who are new to boto3 encounter the same error when trying to get other resources (lambda to ec2, lambda to s3, etc) to work across regions.
Thanks

You need to set the region of worker2 lambda function as follows:

arn:aws:lambda:us-east-1-...:function:worker_2

So, the code would look like this:

import json

import boto3

function_name = "arn:aws:lambda:us-east-1-...:function:worker_2"
lambda_client = boto3.client('lambda')
payload = json.dumps({"body-json": "payload string"})
response = lambda_client.invoke(
    FunctionName=function_name,
    Payload=payload
)

Great, now you need to grant permissions to your Lambda master through the IAM role of master lambda function.

+ suggestion

You could create an API Gateway endpoint that executes a lambda function in region us-east-1. This endpoint could be executed only with a specific API Key to provide a layer of security.

And from master lambda function execute a request to that endpoint.

Resource

After let lambda = new AWS.Lambda({region: region}) you should call lambda.invoke, and it will invoke.
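The answers above fix the error by binding the client to the target function's region. As an added example (not code from any of the posts), the sketch below derives that region from the function ARN and also builds an execution-role policy scoped to named functions instead of the wildcard `arn:aws:lambda:*:*:*` in the question. The helper names and the sample ARN with its placeholder account id are assumptions made for illustration.

```python
import json

def parse_lambda_arn(arn):
    """Split arn:<partition>:lambda:<region>:<account>:function:<name>[:<qualifier>]."""
    parts = arn.split(":")
    if (len(parts) not in (7, 8) or parts[0] != "arn" or parts[2] != "lambda"
            or parts[5] != "function" or not all(parts[3:5])):
        raise ValueError(f"not a full Lambda function ARN: {arn!r}")
    return {"region": parts[3], "account": parts[4], "name": parts[6]}

def boto3_client(service, region_name):
    import boto3  # lazy import: the pure helpers stay usable without boto3
    return boto3.client(service, region_name=region_name)

def invoke_in_home_region(arn, payload, client_factory=boto3_client):
    """Invoke through a client bound to the region named in the ARN."""
    region = parse_lambda_arn(arn)["region"]
    client = client_factory("lambda", region_name=region)
    response = client.invoke(FunctionName=arn, Payload=json.dumps(payload))
    body = json.loads(response["Payload"].read())
    if "FunctionError" in response:  # set when the target function itself raised
        raise RuntimeError(f"{arn} returned an error: {body}")
    return body

def scoped_invoke_policy(arns):
    """Policy allowing lambda:InvokeFunction on the listed ARNs only,
    in place of the wildcard Resource arn:aws:lambda:*:*:*."""
    for arn in arns:
        if "*" in arn:
            raise ValueError(f"wildcard not allowed in scoped policy: {arn!r}")
        parse_lambda_arn(arn)  # reject partial ARNs
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["lambda:InvokeFunction"],
            "Resource": sorted(arns),
        }],
    }

# Constructed sample ARN with a placeholder account id (not from the page).
SAMPLE_ARN = "arn:aws:lambda:us-east-1:123456789012:function:worker_2"

if __name__ == "__main__":
    print(parse_lambda_arn(SAMPLE_ARN)["region"])
    print(json.dumps(scoped_invoke_policy([SAMPLE_ARN]), indent=2))
```
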
