公有子网中的 AWS Lambda 无法访问 Internet
[英]AWS Lambda in public subnet cannot access the internet
问题描述
I'm trying to get a Lambda running inside a public subnet to communicate with the internet.
我正在尝试让 Lambda 在公共子网中运行以与 Internet 通信。 I'm able to get the Lambda to hit www.google.com without a VPC (which the docs say runs one behind the scene) but cannot if I run the Lambda in a VPC.我能够让 Lambda 在没有 VPC 的情况下访问 www.google.com(文档说它在幕后运行),但如果我在 VPC 中运行 Lambda,则不能。
Repro steps:复现步骤:
- Create a Lambda (Node.js 12x) with the follow code.使用以下代码创建一个 Lambda (Node.js 12x)。 I named the Lambda 'curlGoogle'.我将 Lambda 命名为“curlGoogle”。
- Run it to verify it succeeds and can fetch from www.google.com.运行它以验证它是否成功并且可以从 www.google.com 获取。 There should be no VPC specified.不应指定 VPC。
- Go to the VPC Dashboard and use the VPC Wizard to create a VPC with a public subnet.转到 VPC 仪表板并使用 VPC 向导创建具有公有子网的 VPC。 I've tried a view values for IPv4 CIDR block (eg 10.1.0.0/16), IPv6 CIDR block, AZ.我已经尝试了 IPv4 CIDR 块(例如 10.1.0.0/16)、IPv6 CIDR 块、AZ 的视图值。 I usually leave 'Enable DNS hostnames' to Yes.我通常将“启用 DNS 主机名”保留为“是”。
- Change the Lambda to use the newly created VPC, Subnet and Security Group.更改 Lambda 以使用新创建的 VPC、子网和安全组。
- Verify this does not reach Google and times out.验证这不会到达 Google 并超时。
I've tried modifications of this approach and haven't had any success (eg actually associating the subnet with the vpc, loosening all of settings on the Security Group and Network ACLs).我已经尝试修改这种方法,但没有取得任何成功(例如,实际上将子网与 vpc 相关联,放松安全组和网络 ACL 上的所有设置)。
I originally tried following the one public and one private docs and failed to get that working.我最初尝试遵循一个公共文档和一个私有文档,但未能使其正常工作。
Any ideas?有任何想法吗? Thanks!谢谢! - Dan - 丹
const http = require('http');
exports.handler = async (event) => {
return httprequest().then((data) => {
const response = {
statusCode: 200,
body: JSON.stringify(data),
};
return response;
});
};
function httprequest() {
return new Promise((resolve, reject) => {
const options = {
host: 'www.google.com',
path: '/',
port: 80,
method: 'GET'
};
const req = http.request(options, (res) => {
if (res.statusCode < 200 || res.statusCode >= 300) {
return reject(new Error('statusCode=' + res.statusCode));
}
var body = [];
res.on('data', function(chunk) {
body.push(chunk);
});
res.on('end', function() {
try {
body = Buffer.concat(body).toString();
} catch(e) {
reject(e);
}
resolve(body);
});
});
req.on('error', (e) => {
reject(e.message);
});
// send the request
req.end();
});
}
1 个解决方案
解决方案1
2 已采纳 2020-02-08 01:37:42
AWS Lambda functions are never assigned a public IP address when in a VPC, even if they are in a public subnet.在 VPC 中,AWS Lambda 函数永远不会被分配公有 IP 地址,即使它们位于公有子网中。 So they can never access the Internet directly when running in a VPC.所以他们在 VPC 中运行时永远无法直接访问 Internet。 You have to place Lambda functions in a private subnet with a route to a NAT Gateway in order to give them access to the Internet from within your VPC.您必须将 Lambda 函数放置在一个私有子网中,并带有到 NAT 网关的路由,以便它们能够从您的 VPC 中访问 Internet。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.