AWS Lambda function that has VPC configuration and uses aws-sdk gives timeout exception

I have an AWS Lambda function that uses a VPC configuration (with public subnets) to connect to a database; the function also needs to access QuickSight using the AWS SDK. The connection to the database works, but when using the AWS SDK to access QuickSight it gives a timeout exception. From what I understood, the AWS SDK requires an internet connection (because it is an API). Shouldn't the public subnets give access to the internet and solve the problem, or am I missing something?

The QuickSight also has a VPC configuration where I set a security group with an inbound rule to allow access from the security group used by the Lambda function (not sure if this helps/is relevant).

Since AWS Lambda functions running inside a VPC are never assigned a public IP address, regardless of your VPC's settings, placing them in a public subnet actually prevents the Lambda function from accessing anything outside of the VPC. The only way to give a Lambda function access to both the VPC and the Internet is to run it in a private subnet with a route to a NAT Gateway.

For some AWS services you can use AWS PrivateLink instead, but QuickSight isn't on the list of PrivateLink services (yet), so that isn't an option here.

Also, regarding your QuickSight VPC settings, as far as I understand that is only for allowing outbound QuickSight connections to resources in your VPC. When something interacts with QuickSight it is actually interacting with the AWS API, not something in the VPC, so the inbound rules in your QuickSight security group are meaningless.
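The answer above boils down to a routing check: which route table applies to each subnet the function is attached to, and whether that table's default route points at an internet gateway (useless for Lambda, which never gets a public IP) or at a NAT gateway. The script below, added here as an illustration and not part of the original answer, performs that check offline over constructed data shaped like the output of EC2 `DescribeRouteTables` and the `VpcConfig` block of Lambda `GetFunctionConfiguration`. All subnet, route table and gateway IDs are placeholders; in practice you would feed it the real `describe_route_tables()` and `get_function_configuration()` responses from boto3.

```python
"""Classify the subnets a VPC-attached Lambda function uses by their default route.

Added example, not code from the original answer. It mimics the JSON shape
returned by EC2 DescribeRouteTables and Lambda GetFunctionConfiguration; the
sample data below is constructed and every ID is a placeholder.
"""
from typing import Dict, List

# Constructed sample: the 'VpcConfig' block of lambda.get_function_configuration()
LAMBDA_VPC_CONFIG = {
    "SubnetIds": ["subnet-public-example", "subnet-private-example", "subnet-isolated-example"],
    "SecurityGroupIds": ["sg-lambda-example"],
}

# Constructed sample: trimmed ec2.describe_route_tables()['RouteTables']
ROUTE_TABLES = [
    {   # main route table: default route to an internet gateway -> "public" subnet
        "RouteTableId": "rtb-main-example",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"},
        ],
    },
    {   # private subnet: default route to a NAT gateway
        "RouteTableId": "rtb-private-example",
        "Associations": [{"Main": False, "SubnetId": "subnet-private-example"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"},
        ],
    },
    {   # isolated subnet: no default route at all
        "RouteTableId": "rtb-isolated-example",
        "Associations": [{"Main": False, "SubnetId": "subnet-isolated-example"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        ],
    },
]


def route_table_for_subnet(subnet_id: str, route_tables: List[dict]) -> dict:
    """Return the route table that applies to a subnet: its explicit association,
    or the VPC's main route table when there is none (EC2 semantics)."""
    main = None
    for rtb in route_tables:
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rtb
            if assoc.get("Main"):
                main = rtb
    if main is None:
        raise ValueError("no main route table in input")
    return main


def classify_subnet(subnet_id: str, route_tables: List[dict]) -> str:
    """Classify a subnet by its active IPv4 default route.

    'public'  : 0.0.0.0/0 -> internet gateway. Works for an EC2 instance with a
                public IP, useless for Lambda (its ENIs never get one), so AWS
                API calls from the function time out.
    'nat'     : 0.0.0.0/0 -> NAT gateway. What a VPC-attached Lambda needs.
    'isolated': no default route; only VPC-internal (and endpoint) traffic works.
    """
    rtb = route_table_for_subnet(subnet_id, route_tables)
    for route in rtb.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0" or route.get("State") != "active":
            continue
        if route.get("NatGatewayId"):
            return "nat"
        if str(route.get("GatewayId", "")).startswith("igw-"):
            return "public"
    return "isolated"


def lambda_egress_report(vpc_config: Dict, route_tables: List[dict]) -> Dict[str, str]:
    """Map every subnet the function is attached to onto its classification."""
    return {sid: classify_subnet(sid, route_tables) for sid in vpc_config["SubnetIds"]}


def lambda_can_reach_internet(vpc_config: Dict, route_tables: List[dict]) -> bool:
    """True only if every attached subnet routes through a NAT gateway: an
    invocation may land in any configured subnet, so a single public or
    isolated subnet is enough to make some invocations time out."""
    return all(kind == "nat" for kind in lambda_egress_report(vpc_config, route_tables).values())


if __name__ == "__main__":
    for subnet, kind in lambda_egress_report(LAMBDA_VPC_CONFIG, ROUTE_TABLES).items():
        print(f"{subnet}: {kind}")
    print("internet egress OK:", lambda_can_reach_internet(LAMBDA_VPC_CONFIG, ROUTE_TABLES))
```

With the constructed data the report flags the function as unable to reach the internet, because one of its subnets is public (internet gateway route) and one is isolated; only the subnet routed through the NAT gateway would let SDK calls to the QuickSight API succeed. The all-subnets rule in `lambda_can_reach_internet` is deliberate: fixing one subnet and leaving a public one in the function's `SubnetIds` produces intermittent timeouts, which are harder to diagnose than consistent ones.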
