'no vpc' AWS Lambda accessing RDS in VPC

I have a lambda connected to an API gateway; it's deployed using sls and works great. However, its datastore is an Aurora that is in the default VPC and is set to public. This is less than ideal, security-wise.

I have, in the past, set up Auroras in their own VPC on private subnets and had ec2s in that VPC easily access it. However, all of the material I have read about getting a lambda to use a VPC RDS states that the lambda itself should also reside in the VPC.

This concerns me because of the cold start issue. So, my questions are:

  1. Is there a way for my 'no vpc' lambda to access an Aurora RDS that
    lives in its own VPC without putting the lambda into the VPC itself?

  2. There has been talk for some time that aws will be addressing the lambda VPC 'cold start' issue soon. Do we know when that is anticipated to happen? Will existing lambdas benefit from this change once it is instituted?

  3. Is there some other method of securing a public RDS to restrict access to only my lambda (besides the obvious user/pass credentials)?

Thanks in advance

1. Is there a way for my 'no vpc' lambda to access an Aurora RDS that lives in its own VPC without putting the lambda into the VPC itself?

No, if your RDS instance is not publicly accessible then your Lambda must be deployed in your VPC.

2. There has been talk for some time that AWS will be addressing the lambda VPC 'cold start' issue soon. Do we know when that is anticipated to happen? Will existing lambdas benefit from this change once it is instituted?

I don't think that a specific timeline has been officially communicated for this feature. Existing Lambda functions will obviously benefit from this change (after all, Lambda functions are just code that is continuously redeployed on containers). Information about the new architecture: AWS Lambda in a VPC Will Soon be Much Faster

3. Is there some other method of securing a public RDS to restrict access to only my Lambda (besides the obvious user/pass credentials)?

You can use IAM Database Authentication with Aurora. With this method, authentication is managed externally using IAM.
