Can't access to RDS from Amazon Lambda, same VPC and correct role permissions


Problem description


I can't successfully connect to RDS from Amazon Lambda in production. For Amazon Lambda I'm using Serverless framework; executing sls offline I can connect with RDS from localhost, but in production Amazon Lambda doesn't.

Both are in the same VPC and in the same security group; that security group has inbound access for all traffic, and the rule points to the VPC's CIDR.

I have these permissions attached: AmazonRDSFullAccess, AWSLambdaFullAccess, AmazonVPCFullAccess, AWSLambdaExecute and AWSLambdaVPCAccessExecutionRole.

Thanks for your help.

Recommended answer


I had this issue and the following is a summary of the steps I took to resolve:


  1. In lambda network section select the VPC and all subnets. Set the security group to the security group the RDS was created with / set to.
  2. Edit said security group inbound policies and set a policy with RDS port/access settings and set the source equal to its own Group Id. It is not sufficient that they are in the same group if it doesn't accept connections from its own group.
  3. Ensure the lambda function execution role has AWSLambdaVPCAccessExecutionRole and AWSLambdaBasicExecutionRole policies attached.

Good luck.
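An offline check for step 2 of the answer above, added here as an example and not part of the original question or answer: it inspects security-group data for an inbound rule whose source is the group's own ID on the database port. It assumes input in the shape of `aws ec2 describe-security-groups` output; the group IDs, CIDR, port 3306 and function names are constructed for illustration.

```python
"""Check whether a security group admits inbound TCP from its own members."""

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs, CIDR and port 3306 are placeholders, not values from the page.
SAMPLE_GROUPS = [
    {   # "before": members share the group, but no rule names it as source
        "GroupId": "sg-0aaa111",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
        ],
    },
    {   # "after": step 2 applied, source is the group's own ID on the DB port
        "GroupId": "sg-0bbb222",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
             "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0bbb222"}]},
        ],
    },
]


def rule_covers_port(rule, port):
    """True if the rule's protocol and port range include TCP `port`."""
    if rule["IpProtocol"] == "-1":      # all traffic: no port keys present
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def self_reference_rules(group, port):
    """Return inbound rules naming the group itself as source for `port`."""
    gid = group["GroupId"]
    return [
        rule for rule in group.get("IpPermissions", [])
        if rule_covers_port(rule, port)
        and any(p.get("GroupId") == gid
                for p in rule.get("UserIdGroupPairs", []))
    ]


def audit(groups, port):
    """Map each group ID to whether it accepts `port` from its own members."""
    return {g["GroupId"]: bool(self_reference_rules(g, port)) for g in groups}


if __name__ == "__main__":
    for gid, ok in audit(SAMPLE_GROUPS, 3306).items():
        print(f"{gid}: {'self-referencing rule present' if ok else 'missing'}")
```

To run it against a real account, pass the `SecurityGroups` list from the CLI's JSON output to `audit` along with the port your database listens on.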
