堆栈内存溢出
  简体   繁体   English

连接到私有 VPC 的 AWS Lambda 无法启动/停止 EC2 实例

[英]AWS Lambda connected to Private VPC cannot start/stop EC2 instances

 原文  2019-11-26 16:22:06       amazon-web-services/ amazon-ec2/ aws-lambda/ amazon-vpc

问题描述

I have created AWS Lambda to start and stop EC2 instances hosted in private VPC.我创建了 AWS Lambda 来启动和停止私有 VPC 中托管的 EC2 实例。

I could deploy the Lambda function in 'NO VPC' and perform action without any issues.我可以在“无 VPC”中部署 Lambda 函数并执行操作而不会出现任何问题。

But when I deploy the Lambda function in the private VPC (where my EC2 is located) and 2 different subnets (in one of those subnet EC2 is launched) with necessary security group changes, I got timed out error and could not perform actions anymore.但是,当我在私有 VPC(我的 EC2 所在的位置)和 2 个不同的子网(在其中一个子网中启动了 EC2)中部署 Lambda 函数并进行必要的安全组更改时,我遇到了超时错误并且无法再执行操作。

Question: Is it necessary to add a NAT Gateway to Lambda, though there is no requirement of outer internet?问: Lambda不需要外网,是否需要加NAT网关?

If yes, please let me know why.如果是,请告诉我原因。

If no, please let me know what else I have to check to get this process working.如果否,请让我知道我还需要检查什么才能使此过程正常运行。

1 个解决方案

解决方案1
 2  2019-11-27 01:09:32

When making an API call to AWS, the service endpoints are accessible from the Internet.对 AWS 进行 API 调用时,可以从 Internet 访问服务端点 Therefore, issuing a command to Start or Stop an Amazon EC2 instance requires access to the Internet.因此,发出启动或停止 Amazon EC2 实例的命令需要访问 Internet。

If an AWS Lambda function is not configured to use a VPC, then it has access to the Internet by default .如果 AWS Lambda 函数配置为使用 VPC,则默认情况下它可以访问 Internet

If an AWS Lambda function is configured to use a VPC, and that Lambda function needs to access the Internet, then:如果 AWS Lambda 函数配置为使用 VPC,并且该 Lambda 函数需要访问 Internet,则:

  • Configure the Lambda function to use a private subnet配置 Lambda 函数以使用私有子网
  • Launch a NAT Gateway in a public subnet and update the private subnet Route Tables to use the NAT Gateway for Internet-bound traffic在公共子网中启动 NAT 网关并更新私有子网路由表以将 NAT 网关用于 Internet 绑定流量

Alternatively, you could create a VPC Endpoint for EC2 .或者,您可以为 EC2 创建一个 VPC 端点 This allows commands destined for the EC2 service to pass through the VPC Endpoint without going via the Internet.这允许以 EC2 服务为目标的命令通过 VPC 端点,而无需通过 Internet。 This is commonly done for VPCs that have no Internet Gateway (eg Dev/Test VPCs with no public access).这通常用于没有 Internet 网关的 VPC(例如,没有公共访问权限的开发/测试 VPC)。

Finally, have a think about whether the Lambda function actually needs to be connected to a VPC.最后,考虑一下 Lambda 函数是否真的需要连接到 VPC。 If it needs to access within the VPC and access the Internet, then you'll need to use one of the above methods.如果需要在VPC内部访问访问Internet,则需要使用上述方法之一。 However, if it does not require access to the VPC, then do not connect it to the VPC and it will connect to the internet just fine.但是,如果它不需要访问 VPC,则不要将其连接到 VPC,它会很好地连接到 Internet。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AWS cli:如何停止实例和启动 EC2 实例 - AWS cli: How to stop instances and start EC2 instances 如何使用 AWS Lambda 停止所有空闲的 EC2 实例 - How to stop all idle EC2 instances using AWS Lambda 为从 AMI 运行的 EC2 实例在 VPC.network 中自动配置私有 DNS 解析 - Auto configure private DNS resolve in VPC network for EC2 instances running from AMI 检查用户是否有权启动/停止/重启 ec2 实例 - Check if a user has privilege to start/stop/reboot ec2 instances 如何在私有 VPC 中连接到 EC2? - How to connect to EC2 in private VPC? AWS EC2 启动/停止实例的 IAM 策略 - IAM Policy for AWS EC2 start/stop instance 停止空闲的 ec2 实例 - Stop idle ec2 instances 如何使用 Terraform 从单个 VPC 启动多个 AWS EC2 实例? - How to launch multiple AWS EC2 instances from a single VPC using Terraform? 用于自动启动和停止 AWS EC2 实例的脚本 - Script for automation start and stop AWS EC2 instance 无法启动 Lambda python Boto3 中所有过滤的 ec2 - Cannot start all the filtered ec2 in Lambda python Boto3
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM