[英]How do you assign a VPC and security group to a Lambda in AWS CDK?
我有一個帶有需要插入 RDS 數據庫的 lambda 函數的 AWS CDK 堆棧。 部署堆棧時,lambda 函數無法訪問數據庫並給出錯誤:getaddrinfo ENOTFOUND [RDS 端點由我定義]。 手動添加RDS數據庫所在的VPC、子網和安全組后,lambda函數正常工作。
您如何在 AWS CDK 中定義 VPC、子網和安全組,最好是在 TypeScript 中? 就文檔而言,我嘗試過:
const vpc = ec2.Vpc.fromLookup(this, "VPC", { vpcName: "myVPC" });
const securityGroup = ec2.SecurityGroup.fromSecurityGroupId(
this,
"SG",
"sg-XXXXX"
);
const subnet1a = ec2.PrivateSubnet.fromSubnetAttributes(this, "SUBNET1A", {
subnetId: "eu-central-1a"
});
const myLambda = new lambda.Function(this, "myLambda", {
runtime: lambda.Runtime.NODEJS_12_X,
code: lambda.Code.fromAsset("lambda"),
handler: "myLambda.handler",
description: "myLambda",
environment: {
DB_HOST: "XXXX",
DB_USER: "XXXX",
DB_PASSWORD: "XXXX",
DB_NAME: "XXXX"
},
vpc: vpc,
vpcSubnets: [subnet1a],
securityGroups: [securityGroup]
});
運行 cdk deploy 時會出現 AWS CDK 錯誤:“無法將 Lambda 函數放置在公共子網中,子進程因錯誤 1 退出”
歡迎任何幫助。
下面是一個簡單的例子,希望對你有幫助:
//get VPC Info form AWS account, FYI we are not rebuilding we are referencing
const DefaultVpc = Vpc.fromVpcAttributes(this, 'vpcdev', {
vpcId:'vpc-d0e0000b0',
availabilityZones: core.Fn.getAzs(),
privateSubnetIds: 'subnet-00a0de00',
publicSubnetIds: 'subnet-00a0de00'
});
const YourService = new lambda.Function(this, 'LambdaName', {
code: lambda.Code.fromAsset("lambda"),
handler: 'handlers.your_handler',
role: lambdaExecutionRole,
securityGroup: lambdaSecurityGroup,
vpc: DefaultVpc,
runtime: lambda.Runtime.PYTHON_3_7,
timeout: Duration.minutes(2),
});
您使用 vpc 配置 lambda 的代碼很好。 您的“subnet1a”是公共子網,建議不要在公共子網中定義任何后端服務。 lambda 和 vpc 配置的 AWS 文檔另一個參考鏈接
為 lambda 選擇私有或隔離子網。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.