AWS Lambda in public subnet cannot access the internet
I'm trying to get a Lambda running inside a public subnet to communicate with the internet. I'm able to get the Lambda to hit www.google.com without a VPC (which the docs say runs one behind the scenes) but cannot if I run the Lambda in a VPC.
Repro steps:
I've tried modifications of this approach and haven't had any success (e.g. actually associating the subnet with the VPC, loosening all of the settings on the Security Group and Network ACLs).
I originally tried following the one public and one private docs and failed to get that working.
Any ideas? Thanks!
- Dan
const http = require('http');

// Lambda entry point: fetch the page and return its body in the response.
exports.handler = async (event) => {
  return httprequest().then((data) => {
    const response = {
      statusCode: 200,
      body: JSON.stringify(data),
    };
    return response;
  });
};

// Plain HTTP GET to www.google.com, wrapped in a Promise.
function httprequest() {
  return new Promise((resolve, reject) => {
    const options = {
      host: 'www.google.com',
      path: '/',
      port: 80,
      method: 'GET'
    };
    const req = http.request(options, (res) => {
      // Treat any non-2xx status as a failure.
      if (res.statusCode < 200 || res.statusCode >= 300) {
        return reject(new Error('statusCode=' + res.statusCode));
      }
      const chunks = [];
      res.on('data', function(chunk) {
        chunks.push(chunk);
      });
      res.on('end', function() {
        let body;
        try {
          body = Buffer.concat(chunks).toString();
        } catch (e) {
          // Return here so resolve() is not also called after a failure.
          return reject(e);
        }
        resolve(body);
      });
    });
    // Network-level failures (DNS, connect) surface here.
    req.on('error', (e) => {
      reject(e);
    });
    // send the request
    req.end();
  });
}
AWS Lambda functions are never assigned a public IP address when in a VPC, even if they are in a public subnet. So they can never access the Internet directly when running in a VPC. You have to place Lambda functions in a private subnet with a route to a NAT Gateway in order to give them access to the Internet from within your VPC.
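The routing rule this answer describes, as an added JavaScript example that is not part of the original question or answer: it classifies each subnet a VPC Lambda is attached to by that subnet's default route. The input mirrors the shape of EC2 DescribeRouteTables output; the function names and all IDs are constructed for illustration.

```javascript
// Added example: classify a VPC Lambda's subnets by their IPv4 default route.
// Input objects mirror the shape of EC2 DescribeRouteTables output.
function defaultRouteTarget(routeTable) {
  const route = (routeTable.Routes || []).find(
    (r) => r.DestinationCidrBlock === '0.0.0.0/0' && r.State !== 'blackhole'
  );
  if (!route) return 'none';
  if (route.NatGatewayId) return 'nat';
  if ((route.GatewayId || '').startsWith('igw-')) return 'igw';
  return 'other';
}

function routeTableForSubnet(subnetId, routeTables) {
  // An explicit association wins; otherwise the VPC's main route table applies.
  const explicit = routeTables.find((rt) =>
    (rt.Associations || []).some((a) => a.SubnetId === subnetId));
  return explicit || routeTables.find((rt) =>
    (rt.Associations || []).some((a) => a.Main));
}

function checkLambdaEgress(subnetIds, routeTables) {
  return subnetIds.map((subnetId) => {
    const rt = routeTableForSubnet(subnetId, routeTables);
    const target = rt ? defaultRouteTarget(rt) : 'none';
    const verdict = {
      nat: 'ok: private subnet, default route to a NAT gateway',
      igw: 'no egress: public subnet, but the Lambda ENI has no public IP',
      none: 'no egress: no default route',
      other: 'unknown: default route to another target',
    }[target];
    return { subnetId, target, internet: target === 'nat', verdict };
  });
}

// Constructed sample data (IDs are placeholders, not from the page).
const sampleRouteTables = [
  { RouteTableId: 'rtb-public', Associations: [{ SubnetId: 'subnet-public' }],
    Routes: [{ DestinationCidrBlock: '10.0.0.0/16', GatewayId: 'local', State: 'active' },
             { DestinationCidrBlock: '0.0.0.0/0', GatewayId: 'igw-example', State: 'active' }] },
  { RouteTableId: 'rtb-private', Associations: [{ SubnetId: 'subnet-private' }],
    Routes: [{ DestinationCidrBlock: '10.0.0.0/16', GatewayId: 'local', State: 'active' },
             { DestinationCidrBlock: '0.0.0.0/0', NatGatewayId: 'nat-example', State: 'active' }] },
  { RouteTableId: 'rtb-main', Associations: [{ Main: true }],
    Routes: [{ DestinationCidrBlock: '10.0.0.0/16', GatewayId: 'local', State: 'active' }] },
];

console.log(checkLambdaEgress(
  ['subnet-public', 'subnet-private', 'subnet-isolated'], sampleRouteTables));
```

Only the subnet whose default route points at a NAT gateway is reported as having internet access; a default route served by a NAT instance or any IPv6 route is outside what this check covers.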