Can't connect Dynamo DB from my VPC-configured Lambda function


Problem description

I need to connect elastic cache and dynamo db from a single lambda function. My code is

exports.handler = (event, context, callback) => {

    var redis = require("redis");
    var client;
    function connectRedisClient() {
        client = redis.createClient(6379, "dgdfgdfgdfgdfgdfgfd.use1.cache.amazonaws.com", { no_ready_check: true });
    }

    connectRedisClient();
    client.set('sampleKey', 'Hello World', redis.print);
    console.log("set worked");
    client.quit();


    var AWS = require("aws-sdk");
    var docClient = new AWS.DynamoDB.DocumentClient();
    var table = "dummy";
    var year = 2015;
    var title = "The Big New Movie";
    var params = {
        TableName: table,
        Item: {
            "userid": "manafcj",
            "year": year,
            "title": title,
            "test1": [645645, 7988],
            "info": {
                "plot": "Nothing happens at all.",
                "rating": 0
            }
        }
    };

    console.log("Adding a new item...");
    docClient.put(params, function (err, data) {
        if (err) {
            console.error("Unable to add item. Error JSON:", JSON.stringify(err, null, 2));
        } else {
            console.log("Added item:", JSON.stringify(data, null, 2));
        }
    });
    callback(null, 'Hello from Lambda');
};

I executed this lambda code without configuring vpc; the elastic cache section is not working, but dynamo insertion is done perfectly.

After that I made the setup for VPC in my account by the following steps.

  1. Create vpc. name: test-vpc-name, CIDR block: 172.31.0.0/16, Tenancy: Default
  2. Create a new subnet. name tag: test-subnet-1a, CIDR block: 172.31.0.0/20; name tag: test-subnet-1b, CIDR block: 172.31.16.0/20
  3. Create a route table. name tag: test-route-table
  4. Create an internet gateway. name: test-internet-gateway
  5. Attach VPC
  6. Route all outbound 0.0.0.0/0 traffic in routes
  7. Create route table subnet association
  8. Create a NAT Gateway. subnet: test-subnet-1a

Also I have configured my elastic cache setup by the following steps.

  1. Create subnet cache group. name: test-cache-group
  2. Create elastic cache. type: redis, Cluster Name: test-cache, subnet cache group: test-cache-group

Finally, I have configured the newly created vpc on my lambda function. Then the redis-elastic cache connection is working fine, but the dynamo db connection is lost. I need both working fine from a single lambda function.

I think there is some fault in the VPC configuration with the NAT Gateway.

What is the actual issue in this setup?

Recommended answer

Lambda and DynamoDB are executed in the AWS Public Cloud. Both are services executed in an internet-facing environment. The Elastic Cache Cluster, otherwise, is a user-managed service that runs on your own VPC.

The first option to give access to your elastic cache cluster to your lambda function is using a NAT instance to forward external network connections to the Elastic Cache cluster inside your VPC. You can use the instructions from this document to help you with this task.

The second option is the one that you already tried. Amazon says that when you configure this option it does not mean that the Lambda will be executed inside your VPC. What it does is define the Elastic Network Interface of the Lambda container to access your VPC. At the end of the day I don't think that this makes a difference. You can see the details here.

But the point is, the container where your lambda is executed has only one Elastic Network Interface. If you configure your lambda to use your VPC, the Network Interface will be configured to access your subnet using a private IP and will lose the internet connection. So, it will not be able to access DynamoDB unless you have a configured NAT instance/Gateway in your VPC.

As you told us, you configured your VPC with a NAT Gateway. If everything was correctly configured, this should be working. Maybe you can try the first option, leaving your lambda outside your VPC and configuring the NAT Gateway to route the inbound connections to your Elastic Cache Cluster.

Why don't you try and tell us the result?
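The answer's point that a VPC-attached Lambda interface has only a private IP and needs a NAT instance/gateway to reach DynamoDB can be checked against a VPC's route tables. The following is an added example, not code from the question or the answer: it runs over constructed data shaped like the EC2 DescribeRouteTables and DescribeNatGateways responses, and `checkLambdaSubnet`, its result strings and every ID are assumptions made for illustration.

```javascript
// Constructed sample data shaped like the EC2 DescribeRouteTables and
// DescribeNatGateways responses. Every ID below is a made-up placeholder.
const routeTables = [
  { RouteTableId: "rtb-public-example",
    Associations: [{ SubnetId: "subnet-1a-example" }],
    Routes: [
      { DestinationCidrBlock: "172.31.0.0/16", GatewayId: "local" },
      { DestinationCidrBlock: "0.0.0.0/0", GatewayId: "igw-example" } ] },
  { RouteTableId: "rtb-private-example",
    Associations: [{ SubnetId: "subnet-1b-example" }],
    Routes: [
      { DestinationCidrBlock: "172.31.0.0/16", GatewayId: "local" },
      { DestinationCidrBlock: "0.0.0.0/0", NatGatewayId: "nat-example" } ] },
];
const natGateways = [
  { NatGatewayId: "nat-example", SubnetId: "subnet-1a-example", State: "available" },
];

// Default (0.0.0.0/0) route that applies to a subnet: explicit association
// first, otherwise the VPC's main route table.
function defaultRoute(subnetId, tables) {
  const assoc = (t, pred) => (t.Associations || []).some(pred);
  const table = tables.find(t => assoc(t, a => a.SubnetId === subnetId)) ||
                tables.find(t => assoc(t, a => a.Main === true));
  if (!table) return null;
  return table.Routes.find(r => r.DestinationCidrBlock === "0.0.0.0/0") || null;
}

const isIgw = r => Boolean(r && r.GatewayId && r.GatewayId.startsWith("igw-"));

// Hypothetical helper: classify whether a Lambda ENI placed in subnetId
// (private IP only) has a working outbound path to public AWS endpoints.
function checkLambdaSubnet(subnetId, tables, nats) {
  const route = defaultRoute(subnetId, tables);
  if (!route) return "no-default-route";
  if (isIgw(route)) return "igw-route-but-no-public-ip";
  if (!route.NatGatewayId) return "unsupported-target";
  const nat = nats.find(n => n.NatGatewayId === route.NatGatewayId);
  if (!nat || nat.State !== "available") return "nat-unavailable";
  // The NAT gateway itself must sit in a subnet that routes to the IGW.
  return isIgw(defaultRoute(nat.SubnetId, tables)) ? "ok" : "nat-subnet-not-public";
}

console.log(checkLambdaSubnet("subnet-1b-example", routeTables, natGateways));
console.log(checkLambdaSubnet("subnet-1a-example", routeTables, natGateways));
```

A subnet whose default route points straight at the internet gateway is reported as failing because an interface without a public IP cannot use that route; the Lambda subnets need their default route aimed at a NAT gateway that lives in a different, internet-routed subnet.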
