将AWS Lamba上的Python / Zappa项目连接到Mongodb Atlas
[英]Connecting a Python/Zappa Project on AWS Lamba to Mongodb Atlas
问题描述
Are there any gotchas I'm missing to set up a Zappa project on AWS with Mongodb Atlas? 
使用Mongodb Atlas在AWS上设置Zappa项目是否有任何遗漏? I started following the guide on this page and have branched out to various other resources since: https://docs.atlas.mongodb.com/security-vpc-peering/ 我开始关注此页面上的指南,并从那以后扩展到各种其他资源: https : //docs.atlas.mongodb.com/security-vpc-peering/
I have a VPC peered with my Atlas Cluster. 我有一个VPC与我的Atlas集群对等。 Both sides say the connection is Active. 双方都说连接是活跃的。
I have a Route Table with 2 routes: 我有一个路由表有2条路线:
Destination: <My VPC CIDR> Target: local
Destination: <My Atlas CIDR> Target: <My Atlas Peering ID>
The Route Table's VPG has Propogate set to True, but none of the Routes are Propogated. 路由表的VPG将Propogate设置为True,但没有任何路由被传播。
There are 4 Subnets associated with that Route Table. 有4个子网与该路由表相关联。
All 4 Subnets and the VPC are connected to the Zappa Function on Lambda. 所有4个子网和VPC都连接到Lambda上的Zappa功能。
Also connected to the Function are a very liberal Execution Role and Security Group. 连接到Function的是一个非常自由的执行角色和安全组。
The Security Group and VPC CIDR are both Active on Atlas' IP Whitelist page. 安全组和VPC CIDR都在Atlas的IP白名单页面上处于活动状态。
There is also a Network ACL associated with all 4 Subnets with very liberal Inbound and Outbound Rules. 还有一个与所有4个子网相关联的网络ACL,具有非常自由的入站和出站规则。
The Atlas Cluster and AWS Region are the same. Atlas Cluster和AWS Region是相同的。
I tried Whitelisting all IPS and that did not work 我尝试将所有IPS列入白名单,但这不起作用
The API Gateway does not have a VPC Link, no NLB's exist (Is that strictly an EC2 thing? The plan is to deploy on Lambda and since I'm in early dev I don't have a Certificate to select yet.) API网关没有VPC链接,没有NLB存在(严格来说是EC2吗?计划是在Lambda上部署,因为我在早期开发时我还没有要选择的证书。)
1 个解决方案
解决方案1
0 已采纳 2019-06-23 00:17:52
The gotcha ended up being that my Atlas Tier did not support Peering Connections. 问题最终是因为我的Atlas Tier不支持Peering Connections。
Here are two other solutions, both of which send traffic across the internet instead of within AWS. 以下是另外两个解决方案,这两个解决方案都通过互联网而不是AWS内部发送流量。
1: 1:
Whitelist all IPs (add 0.0.0.0/0) in MongoDB Atlas. 将所有IP列入白名单(添加0.0.0.0/0)在MongoDB Atlas中。
2: 2:
On your VPC Dashboard: 在您的VPC仪表板上:
Attach an Internet Gateway to your VPC. 将Internet网关连接到您的VPC。
Create a new EIP. 创建一个新的EIP。
Create a Public Subnet and a Private Subnet. 创建公共子网和私有子网。 (By this I mean include 'public' and 'private' in the name. We will actually make them public and private when we associate Routing Tables later). (我的意思是在名称中包含'public'和'private'。当我们稍后将路由表关联起来时,我们实际上将它们设为公共和私有)。
Create a NAT Gateway and connect it to the EIP and the Public Subnet. 创建NAT网关并将其连接到EIP和公共子网。
Create a Private Routing Table which routes all traffic to the NAT Gateway (keep the existing route from your VPC CIDR to local). 创建专用路由表,将所有流量路由到NAT网关(将现有路由从VPC CIDR保留到本地)。
Create a Public Routing Table which routes all traffic to the Internet Gateway (keep the existing route from your VPC CIDR to local). 创建公共路由表,将所有流量路由到Internet网关(将现有路由从VPC CIDR保留到本地)。
Associate your Public Subnet to the Public Routing Table and your Private Subnet to the Private Routing Table. 将您的公共子网与公共路由表以及您的私有子网关联到专用路由表。
Create a Network ACL and associate with any Subnets if needed. 创建网络ACL并根据需要与任何子网关联。
On your Lamda Function Dashboard: 在您的Lamda功能仪表板上:
Associate your VPC. 关联您的VPC。
Associate your Private Subnet. 关联您的私人子网。
Associate any Security Groups if needed. 如果需要,关联任何安全组。
On your MongoDB Atlas Dashboard: 在MongoDB Atlas仪表板上:
Whitelist your EIP in MongoDB Atlas. 在MongoDB Atlas中将您的EIP列入白名单。
Note: Amazon charges you for the NAT Gateway. 注意:亚马逊向您收取NAT网关的费用。 That's the only non-free part of this if you are on the free tier. 如果您在免费级别,这是唯一的非自由部分。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.