Lambda function timeout on external call

Problem description

I have a Lambda function from which I need to make an external API call. I have added the Lambda function to a security group, a VPC, and 2 subnets, and it gives me this text:

When you enable VPC, your Lambda function will lose default internet access. If you require external internet access for your function, ensure that your security group allows outbound connections and that your VPC has a NAT gateway.

I go into VPC, create a NAT gateway (I let AWS create an EIP), attach it to one of the subnets on my lambda function.

For debugging purposes, my security group outbound functions are set to all traffic/all destinations (0.0.0.0/0). Also my Network ACL for this VPC is set to this (with 5 subnets, including the one with the NAT gateway):

100 | ALL Traffic | ALL | ALL | 0.0.0.0/0 | ALLOW

A route table with the same 2 subnets is on the VPC, with the 0.0.0.0/0 route set to target the NAT gateway.

A different route table with 3 other subnets is also on the VPC, with the 0.0.0.0/0 route set to target the internet gateway.

Both route tables have the same local destination IP (the IP for the VPC).

The error I get is:

{ Error: connect ETIMEDOUT x.x.x.x:443
at Object.exports._errnoException (util.js:1018:11)
at exports._exceptionWithHostPort (util.js:1041:20)
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1090:14)
code: 'ETIMEDOUT',
errno: 'ETIMEDOUT',
syscall: 'connect',
address: 'x.x.x.x',
port: 443 }

The node code I am running works on my desktop node environment, and the POST call works in Postman, so I am fairly certain this is a problem with my AWS config.

I have been using this scenario as a resource: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html

Recommended answer

I go into VPC, create a NAT gateway (I let AWS create an EIP), attach it to one of the subnets on my lambda function.

That is where you went wrong.

The NAT Gateway must not be attached to any of the subnets it serves. The NAT Gateway must be on a public subnet with a default route to the Internet Gateway.

A NAT Gateway's default route follows the default route of the route table of the subnet to which it is attached, to reach the Internet. If it's associated with a subnet that needs a NAT Gateway, its default route loops back on itself.

Then, all subnets associated with Lambda need to use a route table whose default route points to the NAT Gateway.
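
The routing rule from the answer, written as a check over route-table data. This is an added example, not code from the original post: field names follow the EC2 DescribeRouteTables and DescribeNatGateways responses, while all IDs and the sample data are constructed to mirror the layout in the question.

```javascript
// Constructed sample data shaped like EC2 DescribeRouteTables / DescribeNatGateways
// output. All IDs are made up; they mirror the layout described in the question.
const routeTables = [
  { RouteTableId: 'rtb-private',
    Associations: [{ SubnetId: 'subnet-a' }, { SubnetId: 'subnet-b' }],
    Routes: [{ DestinationCidrBlock: '0.0.0.0/0', NatGatewayId: 'nat-1' }] },
  { RouteTableId: 'rtb-public',
    Associations: [{ SubnetId: 'subnet-c' }, { SubnetId: 'subnet-d' }, { SubnetId: 'subnet-e' }],
    Routes: [{ DestinationCidrBlock: '0.0.0.0/0', GatewayId: 'igw-1' }] },
];
const natAsInQuestion = [{ NatGatewayId: 'nat-1', SubnetId: 'subnet-a' }]; // in a Lambda subnet
const natAsInAnswer = [{ NatGatewayId: 'nat-1', SubnetId: 'subnet-c' }];   // in a public subnet

// Default route that applies to a subnet: its explicitly associated route table,
// falling back to the VPC's main route table.
function defaultRoute(subnetId, tables) {
  const assoc = (t, pred) => (t.Associations || []).some(pred);
  const table = tables.find(t => assoc(t, a => a.SubnetId === subnetId))
    || tables.find(t => assoc(t, a => a.Main));
  return table && (table.Routes || []).find(r => r.DestinationCidrBlock === '0.0.0.0/0');
}

// Returns one finding per Lambda subnet whose outbound path cannot reach the internet.
function checkLambdaEgress(lambdaSubnets, tables, natGateways) {
  const findings = [];
  for (const subnet of lambdaSubnets) {
    const route = defaultRoute(subnet, tables);
    if (!route || !route.NatGatewayId) {
      findings.push(`${subnet}: default route does not target a NAT gateway`);
      continue;
    }
    const nat = natGateways.find(n => n.NatGatewayId === route.NatGatewayId);
    if (!nat) {
      findings.push(`${subnet}: default route targets unknown ${route.NatGatewayId}`);
      continue;
    }
    // The NAT gateway itself egresses via the route table of the subnet it sits in.
    const natRoute = defaultRoute(nat.SubnetId, tables);
    if (!natRoute || !String(natRoute.GatewayId || '').startsWith('igw-')) {
      findings.push(`${subnet}: ${nat.NatGatewayId} is in ${nat.SubnetId}, ` +
        'which has no default route to an internet gateway');
    }
  }
  return findings;
}

console.log(checkLambdaEgress(['subnet-a', 'subnet-b'], routeTables, natAsInQuestion));
console.log(checkLambdaEgress(['subnet-a', 'subnet-b'], routeTables, natAsInAnswer));
```

With the NAT gateway placed as in the question, both Lambda subnets are flagged because the gateway's own subnet routes back to the gateway; moving it to a subnet whose default route targets the internet gateway clears the findings.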
