在默认VPC中从Lambda访问AWS S3 [英] Access AWS S3 from Lambda within Default VPC

问题描述

我有一个lambda函数，该函数需要通过ssh访问ec2并加载文件并将其保存到s3.因此，为此，我将ec2和lambda都保留在默认VPC和相同的子网中.现在的问题是我可以将功能连接到ec2而不是s3.

I have a lambda function which needs to access ec2 through ssh and load files and save it to s3. So,for that I have kept ec2 and lambda both in default VPCs and same subnet. Now the problem is that I am able to connect the function to ec2 but not to s3.

自从早上删除vpc设置以来，它就杀死了我，它将文件上传到s3，但是到ec2的连接丢失了.

Its killing me since morning as when I remove the vpc settings it uploads the files to s3 ,but then connection to ec2 is lost.

我尝试将NAT网关添加到默认VPC(尽管我不确定我是否正确执行此操作，因为我对此并不陌生)，但是它没有执行任何操作.

I tried to add a NAT gateway to default VPC(although I am not sure I did it correctly or not because I am new to this) but it didnt do anything.

我很困惑，因为我的ec2实例在同一VPC和子网中可以访问Internet，但是lambda函数无法访问s3.

I am confused as my ec2 instance which s in the same VPC and subnet can access internet but lambda function is not able to access s3.

我不确定该如何进行.

请帮助！！！

推荐答案

Lambda函数不会从VPC内获得分配给它的公共IP，因此它永远不会像您的EC2实例那样具有直接的Internet访问权限.您必须将Lambda函数移动到具有到NAT网关的路由的专用子网中，才能对其进行Internet访问.听起来像您尝试了此操作，但配置不正确.

The Lambda function will not get a public IP assigned to it from within a VPC, so it will never have direct Internet access like your EC2 instance has. You will have to move the Lambda function to a private subnet with a route to a NAT Gateway in order to give it Internet access. It sounds like you attempted this but configured it incorrectly.

如果所有需要访问的Lambda函数都是S3，则设置VPC端点会更容易( AWSVPC中的PrivateLink ).

If all the Lambda function needs to access is S3, then it is easier to setup a VPC Endpoint (AWS PrivateLink) in your VPC.

这篇关于在默认VPC中从Lambda访问AWS S3的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！