Access AWS Resource Outside of VPC from Within VPC - Serverless Framework


Problem description

I am trying to access a Kinesis stream outside a VPC from a Lambda function inside a VPC. Currently, when the code to write to the Kinesis stream is executed, it hangs and then times out. When I take the Lambda out of the VPC, the code to write to the stream works fine. But I need to access a resource within the VPC and then write to the stream. Anyone know how to fix this?

Here is my function that is in the VPC

functions:
  handleChanges:
    handler: functions/handlers.handleChanges
    timeout: 10
    package:
      include:
        - functions/utils/**
    events:
      - http:
          method: POST
          path: "/"
          integration: lambda
    vpc:
      securityGroupIds:
        - ${file(./private.yml):variables.securityGroup}
      subnetIds:
        - ${file(./private.yml):variables.subnetID}

Here is my policy

iamRoleStatements:
  - Effect: "Allow"
    Action:
      - "kinesis:PutRecord"
      - "kinesis:GetRecords"
      - "kinesis:GetShardIterator"
      - "kinesis:DescribeStream"
      - "kinesis:ListStreams"
    Resource:
      Fn::GetAtt:
        - KinesisStream
        - Arn
  - Effect: "Allow"
    Action:
      - "cognito-idp:AdminGetUser"
    Resource: "*"
  - Effect: "Allow"
    Action:
      - "logs:CreateLogGroup"
      - "logs:CreateLogStream"
      - "logs:PutLogEvents"
      - "ec2:CreateNetworkInterface"
      - "ec2:DescribeNetworkInterfaces"
      - "ec2:DeleteNetworkInterface"
    Resource: "*"

And finally, here is my Kinesis stream resource

KinesisStream:
  Type: AWS::Kinesis::Stream
  Properties:
    Name: ${self:provider.environment.STREAM_NAME}
    ShardCount: 1

Recommended answer

The only solution is to add a NAT Gateway (or NAT instance) to your VPC so that resources like your Lambda function that reside in your private subnet will have access to resources outside the VPC.
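Below is an added example, not part of the original question or answer, of what that NAT Gateway looks like when declared in the same serverless.yml. It assumes the VPC ID is exposed from private.yml as `variables.vpcId` (an assumed variable; the original only shows `securityGroup` and `subnetID`), that `subnetID` is the private subnet the Lambda runs in, and that the CIDR block and availability zone are placeholders to replace with values that fit the VPC. The resources are written with the long-form `Ref:` / `Fn::GetAtt:` intrinsics already used on this page and belong inside the existing `resources: Resources:` section next to `KinesisStream`, not in a second `resources:` key.

```yaml
# Added example (not from the original post): public subnet + Internet Gateway
# + NAT Gateway, and a default route from the Lambda's private subnet through
# the NAT so calls to the public Kinesis endpoint no longer hang.
resources:
  Resources:
    # Public subnet that hosts the NAT Gateway. The Lambda stays in the private
    # subnet; a Lambda ENI never gets a public IP, so it needs the NAT regardless.
    PublicSubnet:
      Type: AWS::EC2::Subnet
      Properties:
        VpcId: ${file(./private.yml):variables.vpcId}   # assumed variable
        CidrBlock: 10.0.100.0/24                         # placeholder, must fit the VPC CIDR
        AvailabilityZone: us-east-1a                     # placeholder

    InternetGateway:
      Type: AWS::EC2::InternetGateway

    InternetGatewayAttachment:
      Type: AWS::EC2::VPCGatewayAttachment
      Properties:
        VpcId: ${file(./private.yml):variables.vpcId}
        InternetGatewayId:
          Ref: InternetGateway

    # Public route table: 0.0.0.0/0 -> Internet Gateway, attached to PublicSubnet
    PublicRouteTable:
      Type: AWS::EC2::RouteTable
      Properties:
        VpcId: ${file(./private.yml):variables.vpcId}

    PublicDefaultRoute:
      Type: AWS::EC2::Route
      DependsOn: InternetGatewayAttachment
      Properties:
        RouteTableId:
          Ref: PublicRouteTable
        DestinationCidrBlock: 0.0.0.0/0
        GatewayId:
          Ref: InternetGateway

    PublicSubnetRouteTableAssociation:
      Type: AWS::EC2::SubnetRouteTableAssociation
      Properties:
        SubnetId:
          Ref: PublicSubnet
        RouteTableId:
          Ref: PublicRouteTable

    # Elastic IP for the NAT Gateway; must wait for the IGW to be attached
    NatEip:
      Type: AWS::EC2::EIP
      DependsOn: InternetGatewayAttachment
      Properties:
        Domain: vpc

    NatGateway:
      Type: AWS::EC2::NatGateway
      Properties:
        AllocationId:
          Fn::GetAtt:
            - NatEip
            - AllocationId
        SubnetId:
          Ref: PublicSubnet

    # Private route table for the subnet the Lambda runs in: 0.0.0.0/0 -> NAT.
    # Traffic to anything inside the VPC still uses the implicit local route.
    PrivateRouteTable:
      Type: AWS::EC2::RouteTable
      Properties:
        VpcId: ${file(./private.yml):variables.vpcId}

    PrivateDefaultRoute:
      Type: AWS::EC2::Route
      Properties:
        RouteTableId:
          Ref: PrivateRouteTable
        DestinationCidrBlock: 0.0.0.0/0
        NatGatewayId:
          Ref: NatGateway

    PrivateSubnetRouteTableAssociation:
      Type: AWS::EC2::SubnetRouteTableAssociation
      Properties:
        SubnetId: ${file(./private.yml):variables.subnetID}
        RouteTableId:
          Ref: PrivateRouteTable
```

Two things to check before deploying. If the private subnet is already explicitly associated with a route table, creating a second association fails; in that case drop `PrivateRouteTable` and the association and add the `PrivateDefaultRoute` to the existing table instead. And the security group in `securityGroupIds` must allow outbound TCP 443, since the Lambda reaches Kinesis over HTTPS; the default egress rule permits this, but a locked-down group will reproduce exactly the hang-then-timeout described in the question. Because the NAT route gives every workload in that subnet general internet egress, it is worth keeping the security group's outbound rules as narrow as the function's real dependencies allow.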

