AWS: Lambda function cannot call rest api using private API of EC2 instance


Problem description

I am creating a lambda function (having full access to ec2 instances and following actions (DescribeStream, GetRecords, GetShardIterator, ListStreams) on dynamo db stream).

My requirement is to get the private IPs of the instances using the elb name and call rest API on lambda event triggered by DynamoDB stream.


My Python3.6 script for the Lambda Function is working properly to get all the private IPs.


But I don't know how to call rest API using the private IP.

I would like to inform that we have a bastion instance (having public IP), using which we can ssh by tunneling through it.

I don't know how to do this.

My python script is below:

import boto3
import sys
import string
import subprocess

def instanaceList():
    elb_name = 'xxxx-xxx-xxx-xxx-2-BlueELB'
    print(elb_name)
    print('\n')
    print('THE LIST OF INSTANCES ATTACHED TO THIS ELB IS \n')
    elbList = boto3.client('elb')
    ec2 = boto3.resource('ec2')

    bals = elbList.describe_load_balancers()
    for elb in bals['LoadBalancerDescriptions']:

        set2 = elb['LoadBalancerName']
        if elb_name == set2 :
            inst =  elb['Instances']
            print(inst)
            for xIns in inst:
                print(xIns)
                EC2InstanceId = xIns['InstanceId']
                ec2 = boto3.resource('ec2')
                ec2instance = ec2.Instance(EC2InstanceId)
                print(ec2instance.private_ip_address)
                url = "curl -X GET https://"+ec2instance.private_ip_address+"/voice/diag -H 'cache-control: no-cache'"
                result = subprocess.call(url, shell=True)

def lambda_handler(event, context):
    print('test')
    print(event)
    instanaceList()
    return 'Hello from Lambda'

Recommended answer

Assuming your issue is getting Lambda to connect to ec2 instances without public IP in a VPC, then you need to give additional config to your lambda to enable it to access resources in the VPC.


Example using CLI (from https://docs.aws.amazon.com/lambda/latest/dg/vpc.html):

$  aws lambda create-function \
--function-name ExampleFunction \
--runtime python3.6 \
--role execution-role-arn \
--zip-file fileb://path/app.zip \
--handler app.handler \
--vpc-config SubnetIds=comma-separated-vpc-subnet-ids,SecurityGroupIds=comma-separated-security-group-ids \
--memory-size 1024 


Or to update config of an existing Lambda:

$ aws lambda update-function-configuration \
--function-name ExampleFunction \
--vpc-config SubnetIds=comma-separated-vpc-subnet-ids,SecurityGroupIds=security-group-ids


If your issue is actually making an API call from Python, then check out how to make post request in python
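
An added example, not part of the original question or answer: once the function has VPC access, the `curl` call made through `subprocess.call(..., shell=True)` in the question's script can be replaced by a direct HTTP request with a timeout and an address check. The function names, the timeout and the `scheme`/`port` parameters are assumptions; `/voice/diag` and the `cache-control` header come from the question.

```python
import ipaddress
import urllib.error
import urllib.request

# Private IPs are reached directly, never through a proxy taken from the environment.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def build_diag_url(private_ip, scheme="https", port=None, path="/voice/diag"):
    """Build the URL, accepting only a literal private IP (no hostnames, no extra text)."""
    addr = ipaddress.ip_address(private_ip)  # raises ValueError on anything else
    if not addr.is_private or addr.is_link_local:
        raise ValueError(f"{private_ip} is not a private instance address")
    host = f"[{addr}]" if addr.version == 6 else str(addr)
    if port is not None:
        host = f"{host}:{int(port)}"
    return f"{scheme}://{host}{path}"


def call_diag(private_ip, timeout=3.0, **url_parts):
    """GET the diag endpoint; return (status, body), or (None, reason) if unreachable."""
    req = urllib.request.Request(
        build_diag_url(private_ip, **url_parts),
        headers={"Cache-Control": "no-cache"},
        method="GET",
    )
    try:
        with _opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        # The server answered, but with an error status.
        return exc.code, str(exc.reason)
    except (urllib.error.URLError, OSError) as exc:
        # Without --vpc-config, or with a security group that blocks the port,
        # the call ends here after `timeout` seconds instead of hanging the Lambda.
        return None, str(exc)
```

With `https` and a bare IP, certificate verification succeeds only if the server certificate lists that IP as a subject alternative name.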
