Lambda对EC2中的MongoDB的无效权限 [英] Invalid permission from Lambda to MongoDB in EC2
问题描述
我创建了一个Lambda函数,旨在连接到在EC2上运行的MongoDB.
I have created a Lambda Function which intends to connect to MongoDB running on EC2.
我遵循了一些教程,并保证:
I have followed some tutorials and guaranteed that:
- Lambda和EC2在同一VPC中运行
- Lambda已配置EC2的子网
- Lambda拥有自己的安全组my-lambda-sg
- 在EC2的MongoDB端口安全组入站规则中允许Lambda的安全组作为自定义TCP规则"
- Lambda的角色已分配权限AWSLambdaVPCAccessExecutionRole
但是,我仍然无法从Lambda连接到EC2中的MongoDB.当我在Lambda中运行测试时,我得到:
However, I am stil unable to connect from the lambda to the MongoDB in EC2. When I run a Test in the Lambda I get:
START RequestId: f0869292-5207-11e8-85d2-cba0eb99208c Version: $LATEST
2018-05-07T15:04:29.117Z 567951c4-5207-11e8-ba43-0314179d2bf5 { MongoNetworkError: failed to connect to server [IP:port] on first connect [MongoNetworkError: connection 0 to IP:port timed out]
at Pool.<anonymous> (/var/task/node_modules/mongodb-core/lib/topologies/server.js:503:11)
at emitOne (events.js:116:13)
at Pool.emit (events.js:211:7)
at Connection.<anonymous> (/var/task/node_modules/mongodb-core/lib/connection/pool.js:326:12)
at Object.onceWrapper (events.js:317:30)
at emitTwo (events.js:126:13)
at Connection.emit (events.js:214:7)
at Socket.<anonymous> (/var/task/node_modules/mongodb-core/lib/connection/connection.js:256:10)
at Object.onceWrapper (events.js:313:30)
at emitNone (events.js:106:13)
at Socket.emit (events.js:208:7)
at Socket._onTimeout (net.js:420:8)
at ontimeout (timers.js:482:11)
at tryOnTimeout (timers.js:317:5)
at Timer.listOnTimeout (timers.js:277:5)
name: 'MongoNetworkError',
message: 'failed to connect to server [IP:port] on first connect [MongoNetworkError: connection 0 to IP:port timed out]' }
END RequestId: f0869292-5207-11e8-85d2-cba0eb99208c
我从API网关获得
You do not have permission to perform this action
从浏览器中我得到:
{"message": "Endpoint request timed out"}
其他Lambda无法访问EC2的情况很好.
Other Lambda's not accessing EC2 are working fine.
知道我可能会丢失什么吗?
Any idea what could I be missing?
推荐答案
我找到了答案.上面的所有条件都可以.我只需要使用EC2的内部IP代替MongoDB URL连接中的外部IP,就可以将其视为VPC内的呼叫,正如我在这里找到的
I found the answer. All requisites above are ok. I just needed to use the internal IP of the EC2 instead the external one in the MongoDB URL connection, to be considered a call within the VPC, as I found here AWS Lambda unable to access EC2 port within the same VPC
这篇关于Lambda对EC2中的MongoDB的无效权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!