VPC-running AWS Lambda sends SQS message only once

Problem description

I have a NodeJS Lambda function running in a private subnet, with allow all incoming/outgoing policies in both the security group and the NACL (not safe, but they do the job). The private subnet has a NAT gateway sitting in a public subnet of the same VPC, so internet connectivity works.

My goal is to send messages to an SQS queue.

The Lambda code is this:

const AWS = require('aws-sdk')
// Region and credentials are taken from the Lambda execution environment
const sqs = new AWS.SQS()

exports.handler = (event, context, callback) => {
    // Forward the raw invocation event as the message body
    sqs.sendMessage({
        MessageBody: JSON.stringify(event),
        QueueUrl: 'https://sqs.eu-west-1.amazonaws.com/000000000000/queue-name'
    }, function(err, data) {
        // Log the SQS response (or error) and finish the invocation with it
        console.log(err, data);
        return callback(err, data);
    });
};

For some reason, this function only runs the first time in each private subnet I put it in. After that it just times out.

{
  "errorMessage": "2017-10-23T17:07:01.675Z 903aaabc-b814-11e7-a727-19816eaa468a Task timed out after 10.00 seconds"
}

Here is the log:

START RequestId: 903aaabc-b814-11e7-a727-19816eaa468a Version: $LATEST
END RequestId: 903aaabc-b814-11e7-a727-19816eaa468a
REPORT RequestId: 903aaabc-b814-11e7-a727-19816eaa468a  Duration: 10002.46 ms   Billed Duration: 10000 ms   Memory Size: 128 MB Max Memory Used: 32 MB  
2017-10-23T17:07:01.675Z 903aaabc-b814-11e7-a727-19816eaa468a Task timed out after 10.00 seconds

If I run the function unattached to a VPC, it works perfectly every time, but I must add some private resource access logic in there, so I can't run it outside of the VPC.

My feeling is that this has to do with the reusable container (infrastructure unit) that the function uses, but my experience with AWS in general and Lambda in particular is too shallow to figure out how that affects it.

I've tried the "warmer" version where the sqs object gets constructed in the handler, but that didn't work any better.

Does anyone have an idea about what I'm doing wrong?

Recommended answer

It seems that this was actually a connectivity issue.

I had 3 public subnets and 3 private ones. The public subnets routed traffic to 0.0.0.0/0 through an Internet Gateway (IGW). The private ones routed traffic to 0.0.0.0/0 through a NAT Gateway that was sitting in one of the public subnets.

The problem was that the NACLs attached to the public subnets only allowed inbound traffic on ports 80, 443 and 49152-65535. It seems that the request to the SQS service was coming on a different port than these.

I've allowed inbound traffic to the public subnets through ports 1024-65535 according to the guide here, although it doesn't seem too secure.
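As an added example that is not part of the question or the answer, the following Node.js script models how a VPC network ACL evaluates the reply traffic that arrives in the public subnet hosting the NAT Gateway, using the two inbound rule sets the answer describes (the rule numbers are assumed; the answer does not give them). NACLs are stateless and evaluated lowest rule number first with an implicit final deny, and the NAT Gateway opens its connection to SQS from a source port in 1024-65535, so the SQS reply comes back with that port as its destination. The script shows that the original rule set leaves 1024-49151 uncovered, which is why a sendMessage call whose connection landed on such a port hangs until the Lambda times out, and that the 1024-65535 rule closes the gap. The uniform port-selection behind replySuccessFraction is an assumption made for illustration.

```javascript
// Added example (not from the question or answer): a small simulator of how a
// VPC network ACL decides whether an inbound packet is allowed, used to show
// why the NACL described in the answer drops part of the SQS reply traffic.
//
// NACL semantics modelled here:
//   - stateless: inbound and outbound are checked separately, so reply packets
//     need their own inbound allow rule;
//   - rules are evaluated in ascending rule-number order and the first match
//     decides (a low-numbered deny beats a higher-numbered allow);
//   - the trailing "*" rule denies anything no explicit rule matched;
//   - an "all" protocol rule is modelled with an explicit 0-65535 range.
//
// The NAT Gateway in the public subnet opens the TCP connection to SQS (443)
// from a source port in 1024-65535; the reply from SQS arrives in the public
// subnet with that port as its destination and must pass the inbound NACL.
const NAT_GATEWAY_SOURCE_PORTS = { from: 1024, to: 65535 };

// Inbound NACL as described in the answer: 80, 443 and 49152-65535 only.
// Rule numbers are assumed for the example.
const weakInbound = [
  { rule: 100, protocol: 'tcp', from: 80,    to: 80,    action: 'allow' },
  { rule: 110, protocol: 'tcp', from: 443,   to: 443,   action: 'allow' },
  { rule: 120, protocol: 'tcp', from: 49152, to: 65535, action: 'allow' },
];

// Corrected inbound NACL from the answer: the whole range the NAT Gateway uses.
const fixedInbound = [
  { rule: 100, protocol: 'tcp', from: 80,   to: 80,    action: 'allow' },
  { rule: 110, protocol: 'tcp', from: 443,  to: 443,   action: 'allow' },
  { rule: 120, protocol: 'tcp', from: 1024, to: 65535, action: 'allow' },
];

// Return 'allow' or 'deny' for a packet with the given protocol and destination port.
function evaluateNacl(rules, protocol, port) {
  const ordered = [...rules].sort((a, b) => a.rule - b.rule);
  for (const r of ordered) {
    const protocolMatches = r.protocol === 'all' || r.protocol === protocol;
    if (protocolMatches && port >= r.from && port <= r.to) {
      return r.action;
    }
  }
  return 'deny'; // the implicit "*" rule
}

// List the [from, to] port ranges inside `range` for which a TCP reply is denied.
// Each range is a set of NAT Gateway source ports whose SQS reply would be
// dropped, leaving the Lambda's sendMessage call hanging until the timeout.
function deniedReplyRanges(rules, range = NAT_GATEWAY_SOURCE_PORTS) {
  const gaps = [];
  let gapStart = null;
  for (let port = range.from; port <= range.to; port++) {
    const denied = evaluateNacl(rules, 'tcp', port) === 'deny';
    if (denied && gapStart === null) gapStart = port;
    if (!denied && gapStart !== null) {
      gaps.push([gapStart, port - 1]);
      gapStart = null;
    }
  }
  if (gapStart !== null) gaps.push([gapStart, range.to]);
  return gaps;
}

// Fraction of NAT Gateway source ports whose reply gets through. If the gateway
// picked source ports uniformly (an assumption, not documented behaviour), this
// would be roughly the share of connections that succeed.
function replySuccessFraction(rules, range = NAT_GATEWAY_SOURCE_PORTS) {
  const total = range.to - range.from + 1;
  const denied = deniedReplyRanges(rules, range)
    .reduce((sum, [a, b]) => sum + (b - a + 1), 0);
  return (total - denied) / total;
}

console.log('weak NACL, reply to port 40000:', evaluateNacl(weakInbound, 'tcp', 40000));
console.log('weak NACL, denied reply ranges:', JSON.stringify(deniedReplyRanges(weakInbound)));
console.log('weak NACL, success fraction:', replySuccessFraction(weakInbound).toFixed(3));
console.log('fixed NACL, denied reply ranges:', JSON.stringify(deniedReplyRanges(fixedInbound)));
```

The 1024-65535 inbound rule the answer settles on is the ephemeral-port rule AWS documents for a public subnet that hosts a NAT Gateway. Because a NACL is stateless it cannot express "replies to connections we opened", so there is no narrower NACL rule that admits only the SQS responses; the per-connection, stateful filtering belongs in the security group attached to the Lambda function's ENI.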
