AWS Lambda - NAT Gateway internet access results in timeout


Question

I have an AWS Lambda function which:

  • checks a Redis Elasticache instance,
  • if the item is not found in the cache, goes to Google Places API service.

The Redis instance is in a private subnet; so, to fetch it, I added the VPC and the subnet in which the instance resides. I also specified the security group which allows all the outbound traffic. The Network ACL is the default one, which is supposed to allow all the inbound and the outbound traffic.

When adding a VPC to the Lambda function like that via the console, it prompts:

When you enable VPC, your Lambda function will lose default internet access. If you require external internet access for your function, ensure that your security group allows outbound connections and that your VPC has a NAT gateway.

So, in the Route Table of the private subnet, I added a NAT gateway too. However, at the point where the Google Places API service call is made from the Lambda function, it is always doomed to result in a timeout.

In short, I doubt that the NAT gateway properly allows internet access of the Lambda function. How can I check what goes wrong with it?

Do NAT Gateways log the calls or the call attempts being tried through them somehow, in CloudWatch etc.?

Solution

The following steps are required:

  1. An IAM role with full VPC permission assigned to your lambda function.
  2. A VPC with a public and a private subnet.
  3. While creating a NAT Gateway: a) the subnet has to be a public subnet; b) Elastic IP: create a new one or allocate one.
  4. Create the route table and add another route with the target set to the NAT gateway we created above. And your lambda should be happy now.
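As an added diagnostic that is not part of the question or the answer, the script below checks the route-table and NAT-gateway state that steps 2 to 4 of the answer describe, using a constructed sample that mirrors (as an assumption) the dict shape of boto3's `describe_route_tables` and `describe_nat_gateways` responses; the misconfigured sample is the case the answer warns about, a NAT gateway created in a private subnet.

```python
# Constructed sample; mirrors (as an assumption) the dict shape of boto3's
# ec2.describe_route_tables() and describe_nat_gateways() responses.
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0000", "State": "active"}]},
    {"Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0000", "State": "active"}]},
]
NAT_OK = [{"NatGatewayId": "nat-0000", "SubnetId": "subnet-public", "State": "available",
           "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]}]
# Same NAT gateway, but created in the private subnet (the answer's step 3a violated).
NAT_IN_PRIVATE = [{**NAT_OK[0], "SubnetId": "subnet-private"}]


def default_route(subnet_id, route_tables):
    """The 0.0.0.0/0 route that applies to subnet_id: explicit association wins, else the main table."""
    chosen = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id or (assoc.get("Main") and chosen is None):
                chosen = rt
    if chosen is None:
        return None
    return next((r for r in chosen.get("Routes", []) if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)


def is_public(subnet_id, route_tables):
    """A subnet is public when its default route points at an internet gateway."""
    dr = default_route(subnet_id, route_tables)
    return bool(dr and dr.get("GatewayId", "").startswith("igw-"))


def diagnose_lambda_egress(lambda_subnet_id, route_tables, nat_gateways):
    """Findings for the Lambda subnet's path to the internet; an empty list means it looks right."""
    dr = default_route(lambda_subnet_id, route_tables)
    if dr is None:
        return [f"{lambda_subnet_id}: no 0.0.0.0/0 route, traffic never leaves the VPC"]
    if "NatGatewayId" not in dr:  # an igw-* route is no use here: Lambda ENIs get no public IP
        return [f"{lambda_subnet_id}: default route target {dr.get('GatewayId')} is not a NAT gateway"]
    nat_id, findings = dr["NatGatewayId"], []
    if dr.get("State") != "active":
        findings.append(f"{nat_id}: route state {dr.get('State')} (blackhole = NAT gateway deleted)")
    nat = next((n for n in nat_gateways if n["NatGatewayId"] == nat_id), None)
    if nat is None:
        return findings + [f"{nat_id}: referenced by the route but does not exist"]
    if nat.get("State") != "available":
        findings.append(f"{nat_id}: state is {nat.get('State')}")
    if not nat.get("NatGatewayAddresses"):
        findings.append(f"{nat_id}: no Elastic IP allocated")
    if not is_public(nat["SubnetId"], route_tables):
        findings.append(f"{nat_id}: sits in {nat['SubnetId']}, which is not a public subnet")
    return findings
```

Feeding it real `describe_route_tables` / `describe_nat_gateways` output for the subnet attached to the function gives the same findings.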

