为什么 AWS Lambda 会因凭证错误而超时？

Question

While debugging Python 3 code in AWS Lambda, I notice that it times out a lot. It seems like this happens when I make an unauthorized API call or a resource doesn't exist. For example, a simple Lambda function:

import boto3
def lambda_handler(event, context):
  aws = boto3.Session(region_name='us-west-1')
  s3 = aws.resource('s3')
  obj = s3.Object('mybucket', 'secretfile.xml')
  print(obj.get())

On my local machine, the code throws an exception:

botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the GetObject operation: Access Denied

So why does Lambda time out instead of throwing the same exception?

Answer 1

Check your CloudWatch logs. Are you certain you aren't seeing different issues on localhost than on Lambda? If it is only timing out some of the time, but not all the time, that may indicate that you have a problem with your security. Lambda uses an ephemeral port range for its calls (see https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html#nacl-ephemeral-ports ), so it is possible whatever you are calling is only allowing communication on some ports, but not all. So when it happens to use an allowed port it works, but when it uses an disallowed port you get timeouts. You would need to check the security groups and NACLS for whatever your lambda is calling to ensure that they allow the full ephemeral port range Lambda may use for calls.

Many boto3 calls will retry with exponential backoff, and that could contribute to timeouts ( https://github.com/boto/botocore/issues/864 may give some insights)

I am making a lot of assumptions about what your lambda may be doing or calling, though, so you may need to add more detail about your function to get more precise responses.

Answer 2

It is due to syntax error, refer to link

Correct syntax should be:

aws = boto3.session.Session(region_name='us-west-1')