使用无服务器框架通过VPC设置NAT网关 [英] Setting up a NAT gateway with VPC using Serverless framework

问题描述

我正在尝试使用无服务器框架创建也可以访问Elasticache集群的Lambda函数.呼唤互联网.

I'm trying to use the serverless framework to create a Lambda function that can access an Elasticache cluster, as well as call out to the internet.

我已经配置了serverless.yml来创建Lambda函数，创建Elasticache集群(内存缓存引擎)，最后创建一个VPC，并将Lambda函数和Elasticache集群都放置在其中(否则，它们无法沟通).

I've got as far as configuring serverless.yml to create the Lambda function, create the Elasticache cluster (memcached engine), and finally to create a VPC and place both the Lambda function and Elasticache cluster within it (otherwise, they cannot communicate).

我了解到VPC中的内容无法访问互联网，通过围绕该主题进行研究，我得出的结论是，处理此问题的最佳实践方法是为VPC创建一个NAT网关，该网关将允许它进行外部访问.

I understand that things within a VPC do not have access to the internet, and from researching around the topic I've come to the conclusion that the best practice way of handling this is to create a NAT gateway for the VPC that will allow it external access.

我可以看到如何在AWS控制台中执行此操作，但是我想坚持在serverless.yml中进行定义，以避免任何手动的基础架构设置.

I can see how to do this within the AWS Console, however I'd like to stick to defining this within serverless.yml to avoid any manual infrastructure setup.

• 是否可以在serverless.yml内创建NAT网关?
• 创建NAT网关是否是正确的方法? (有更好的选择吗?)

• Is it possible to create a NAT gateway within serverless.yml?
• Is creating a NAT gateway the correct way of doing this? (Are there better options?)

为了达到目前的目的，我大量复制了一个无服务器示例(这是一个基于Java的示例，但是概念和服务定义是相同的).它创建一个Lambda函数，一个Elasticache集群，并将它们放入VPC中，以便它们可以进行通信.我认为Lambda函数无法访问互联网存在相同的问题. https://github.com/mugglmenzel/serverless -examples-cached-rds-ws/blob/master/serverless.yml

In getting to the point I'm currently at, I heavily copied from one of the serverless examples (it's a Java based example, but the concept and service definition is the same). It creates a Lambda function, an Elasticache cluster, and puts them in a VPC so they can communicate. I believe it has the same issue whereby the Lambda function cannot access the internet. https://github.com/mugglmenzel/serverless-examples-cached-rds-ws/blob/master/serverless.yml

推荐答案

您必须配置NAT实例或托管的NAT网关，才能通过Internet访问VPC中的Lambda.您可能必须使用serverless.yml文件的资源部分来创建NAT网关/NAT实例资源.

You have to configure a NAT instance or a managed NAT Gateway to provide internet access to your Lambdas inside the VPC. You may have to use the resource section of your serverless.yml file to create the NAT Gateway / NAT Instance resource.

看看无服务器框架的资源部分文档.这些资源将在serverless deploy

Have a look at the resources section of the Serverless Framework documentation. These resources will be added to the cloudformation stack upon serverless deploy

您可以将任何类型的资源覆盖/附加到CloudFormation堆栈中.您可以添加资源，输出，甚至覆盖描述.您还可以在资源模板中将无服务器变量用于敏感数据或可重复使用的配置.

You can overwrite/attach any kind of resource to your CloudFormation stack. You can add Resources, Outputs or even overwrite the Description. You can also use Serverless Variables for sensitive data or reusable configuration in your resources templates.

因此，您可以在资源部分中为NAT网关添加Cloudformation模板.

So you can add the Cloudformation template for a NAT Gateway inside the resource section.

例如，

Resources:
  NatGateway:
  Type: AWS::EC2::NatGateway
  DependsOn: NatEIP
  Properties:
    AllocationId:
      Fn::GetAtt:
      - NatEIP
      - AllocationId
    SubnetId:
      Ref: PublicSubnet
  NatEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  NatRoute:
    Type: AWS::EC2::Route
    DependsOn: NatGateway
    Properties:
      RouteTableId:
        Ref: PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId:
        Ref: NatGateway

这是链接到VPC内Lambda的完整CloudFormation代码段.

Here is a link to a complete CloudFormation snippet of Lambda inside VPC.

这篇关于使用无服务器框架通过VPC设置NAT网关的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！