
How can I connect an AWS lambda inside a VPC to a cloudformation stack?

Current situation:

I'm developing an AWS lambda that would launch an EC2 instance through a cloud formation stack. I've deployed it inside a VPC, and thus had created endpoints to give it access to resources such as S3/DynamoDB. However I cannot find any endpoints for the cloud formation, and as a result my function gets stuck at:
Starting new HTTPS connection (1): cloudformation.ap-south-1.amazonaws.com:443

Update 1

Here is the snippet of code I'm using to connect to cloudformation:

self.cfn = session.resource('cloudformation')
stackdata = self.cfn.create_stack(
    StackName="STACK-{}".format(instance_name),
    DisableRollback=True,
    TemplateURL=constants.TEMPLATE_TYPE[instance_type],
    Parameters=params,
    Capabilities=['CAPABILITY_IAM', 'CAPABILITY_AUTO_EXPAND', 'CAPABILITY_NAMED_IAM'],
)

Please note that my code works just fine in a non-VPC setup (if I deploy my lambda outside of a VPC).

Could anyone help me try to figure out what I'm missing here?

A Lambda function that is deployed to the VPC doesn't have access to the internet. That means that it's not able to access any of the AWS services endpoints unless you do one of two things:

  1. Create a VPC endpoint for that service
  2. Add a NAT Gateway so the Lambda function can use it to access the internet

You add the NAT gateway to the public subnet. After that, you need to edit the route tables for the private subnets to point to the NAT gateway. When you add a Lambda function to the VPC, you choose in which subnets it can be deployed. It's necessary to associate all of those subnets with the NAT gateway, so you're sure that the Lambda function will always have access to the NAT gateway.

If your Lambda function really needs to be in the VPC (it needs access to some other resources inside the VPC), this is ok, but if it's not really necessary, I'd suggest you just move it outside of the VPC (a NAT gateway is $35/month + traffic).

You can see the details here as well: AWS Knowledgebase
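As an added example (not code from the question or the answer), here is a check for the condition the answer describes: every subnet the Lambda function is attached to must have a default route through a NAT gateway. It works on route tables in the shape boto3's ec2.describe_route_tables returns; the subnet ids, gateway ids and route tables below are constructed sample data.

```python
# Verify that each Lambda subnet routes 0.0.0.0/0 through a NAT gateway.
# Input shape follows boto3 ec2.describe_route_tables(); data here is constructed.


def route_table_for_subnet(route_tables, subnet_id):
    """Explicitly associated table wins; otherwise fall back to the VPC main table."""
    main = None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def default_route_target(route_table):
    """Return the target of the active 0.0.0.0/0 route, or None if there is none."""
    if route_table is None:
        return None
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0" and route.get("State") == "active":
            return route.get("NatGatewayId") or route.get("GatewayId")
    return None


def check_lambda_subnets(subnet_ids, route_tables):
    """Map each subnet to 'nat' (good), 'igw' (public subnet: Lambda ENIs get no
    public IP, so an internet gateway route gives them no egress) or 'none'."""
    verdicts = {}
    for subnet_id in subnet_ids:
        target = default_route_target(route_table_for_subnet(route_tables, subnet_id)) or ""
        if target.startswith("nat-"):
            verdicts[subnet_id] = "nat"
        elif target.startswith("igw-"):
            verdicts[subnet_id] = "igw"
        else:
            verdicts[subnet_id] = "none"
    return verdicts


# Constructed sample: subnet-a routes to a NAT gateway, subnet-b is a public subnet
# (internet gateway), subnet-c only inherits the main table with the local route.
SAMPLE_ROUTE_TABLES = [
    {"Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"Associations": [{"SubnetId": "subnet-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123", "State": "active"}]},
    {"Associations": [{"SubnetId": "subnet-b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123", "State": "active"}]},
]

if __name__ == "__main__":
    for subnet, verdict in check_lambda_subnets(["subnet-a", "subnet-b", "subnet-c"], SAMPLE_ROUTE_TABLES).items():
        print(f"{subnet}: {verdict}")
```

Any subnet reported as 'igw' or 'none' is one where a function like the one in the question would hang on the cloudformation.ap-south-1.amazonaws.com connection.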
