如何仅允许从VPC内的EC2实例调用AWS Lambda函数 [英] How to allow invoking an AWS Lambda function only from EC2 instances inside a VPC

问题描述

我正在努力理解如何从VPC内的EC2实例轻松调用我的lambda函数.

I am struggling with understanding how I can easily invoke my lambda function from an EC2 instance within a VPC.

我认为我有一个非常普遍的问题，但奇怪的是，我没有找到针对此模式"的任何特定内容.

I think I have a quite common problem but strangely enough I didn't found anything specific for this "pattern".

我在EC2实例中有一个Python应用程序，我想使用Lambda函数并行启动繁重的处理函数，并保持EC2的重量轻.

I have a Python application in an EC2 instance and I would like to launch heavy processing functions in parallel using Lambda functions and keep the EC2 quite light-weight.

理想情况下，Lambda函数只能在VPC内部调用(只能从我的EC2实例中调用).

Ideally, the Lambda function could be invoked only from within the VPC (only from my EC2 instances).

我的理解是，我必须创建一个API网关(或向Lambda函数添加一个API端点)，但是我不知道如何从EC2调用此函数(我试图使用HTTP请求但未成功)以及如何设置权限.

My understanding is that I have to create an API gateway (or add an API endpoint to the Lambda function) but I don't understand how to invoke this function from the EC2 (I am trying to use HTTP requests without success) nor how to set permissions.

我在该函数中使用了触发器来设置API网关，并且正在使用相应的请求链接.

I used a trigger in the function to set-up the API gateway and I am using the corresponding link for requests.

推荐答案

除了API网关以外，还有多种方法来调用Lambda函数.与您的用例最相关的一种是Invoke API.您可以在此处和Boto库的官方文档中找到它们，如果您使用的是Boto，请此处.

There are various ways, other than API Gateway, to invoke Lambda functions. The one most relevant to your use case would be the Invoke API. You can find the official documentation here and the Boto library's, in case you are using Boto, here.

此外，正如对该问题的评论中所提到的，您可以为EC2实例分配一个IAM角色，以允许它们Invoke Lambda函数.

Also, as mentioned in a comment on the question, you can assign an IAM role to the EC2 instances that allows them to Invoke the Lambda function.

这篇关于如何仅允许从VPC内的EC2实例调用AWS Lambda函数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！