Invalid permission from Lambda to MongoDB in EC2


Problem description

I have created a Lambda function which intends to connect to MongoDB running on EC2.

I have followed some tutorials and guaranteed that:

  • The Lambda and the EC2 instance run in the same VPC
  • The Lambda is configured with the EC2 instance's subnets
  • The Lambda has its own security group, my-lambda-sg
  • The Lambda's security group is allowed as a Custom TCP rule on the MongoDB port in the inbound rules of the EC2 instance's security group
  • The Lambda's role has the AWSLambdaVPCAccessExecutionRole permission assigned

However, I am still unable to connect from the Lambda to the MongoDB in EC2. When I run a Test in the Lambda I get:

START RequestId: f0869292-5207-11e8-85d2-cba0eb99208c Version: $LATEST
2018-05-07T15:04:29.117Z    567951c4-5207-11e8-ba43-0314179d2bf5    { MongoNetworkError: failed to connect to server [IP:port] on first connect [MongoNetworkError: connection 0 to IP:port timed out]
    at Pool.<anonymous> (/var/task/node_modules/mongodb-core/lib/topologies/server.js:503:11)
    at emitOne (events.js:116:13)
    at Pool.emit (events.js:211:7)
    at Connection.<anonymous> (/var/task/node_modules/mongodb-core/lib/connection/pool.js:326:12)
    at Object.onceWrapper (events.js:317:30)
    at emitTwo (events.js:126:13)
    at Connection.emit (events.js:214:7)
    at Socket.<anonymous> (/var/task/node_modules/mongodb-core/lib/connection/connection.js:256:10)
    at Object.onceWrapper (events.js:313:30)
    at emitNone (events.js:106:13)
    at Socket.emit (events.js:208:7)
    at Socket._onTimeout (net.js:420:8)
    at ontimeout (timers.js:482:11)
    at tryOnTimeout (timers.js:317:5)
    at Timer.listOnTimeout (timers.js:277:5)
  name: 'MongoNetworkError',
  message: 'failed to connect to server [IP:port] on first connect [MongoNetworkError: connection 0 to IP:port timed out]' }
END RequestId: f0869292-5207-11e8-85d2-cba0eb99208c

From API Gateway I get:

You do not have permission to perform this action

From the browser I get:

{"message": "Endpoint request timed out"}

Other Lambdas that do not access EC2 are working fine.

Any idea what I could be missing?

Accepted answer

I found the answer. All requisites above are OK. I just needed to use the internal IP of the EC2 instance instead of the external one in the MongoDB connection URL, so that it is considered a call within the VPC, as I found here: AWS Lambda unable to access EC2 port within the same VPC
