尝试访问DynamoDB时AWS Lambda node.js超时 [英] AWS Lambda node.js timeout when trying to access DynamoDB

问题描述

在尝试访问DynamoDB问题时，我遇到了其中一个AWS Lambda node.js超时，但症状似乎有所不同，我发现的解决方案无法解决此问题。

I'm facing one of these AWS Lambda node.js timeout when trying to access DynamoDB issues but the symptoms appear different and the solutions I found don't solve this issue.

超时设置为5min，内存设置为128MB，但不超过30MB。

角色的IAM策略为：

Timeout is set to 5min, memory is set to 128MB but doesn't exceed 30MB usage.
IAM policies for the role are:

• AWSLambdaFullAccess


• AmazonDynamoDBFullAccess


• AWSLambdaVPCAccessExecutionRole

默认VPC具有7个安全组，并包括具有以下内容的默认安全组：

The default VPC has 7 security groups and include the default security group with:

• 入站： 所有流量，所有协议，所有端口范围，


• 出站：所有流量，所有协议，所有端口范围，0.0.0.0 / 0

• Inbound: All Traffic, All protocol, All port range,
• Outbound: All Traffic, All protocol, All port range, 0.0.0.0/0

以下是代码：

var aws = require('aws-sdk');

exports.handler = function(event, context) {
  var dynamo = new aws.DynamoDB();

  dynamo.listTables(function(err, data) {
    if (err) {
      context.fail('Failed miserably:' + err.stack);
    } else {
      context.succeed('Function Finished! Data :' + data.TableNames);
    }
  });
};

结果：

START RequestId: 5d2a0294-fb6d-11e6-989a-edaa5cb75cba Version: $LATEST
END RequestId: 5d2a0294-fb6d-11e6-989a-edaa5cb75cba
REPORT RequestId: 5d2a0294-fb6d-11e6-989a-edaa5cb75cba  Duration: 300000.91 ms  Billed Duration: 300000 ms  Memory Size: 128 MB Max Memory Used: 21 MB  
2017-02-25T15:21:21.778Z 5d2a0294-fb6d-11e6-989a-edaa5cb75cba Task timed out after 300.00 seconds

相关的node.js版本问题已解决此处不适用于我并返回 ReferenceError：https无效在exports.handler（/var/task/index.js:6:16）中定义 。 AWS也已弃用版本0.10。

这是带有https引用的代码：

The related node.js version issue solved here doesn't work for me and returns a "ReferenceError: https is not defined at exports.handler (/var/task/index.js:6:16)". Also AWS has deprecated version 0.10.
Here is the code with the https reference:

var aws = require('aws-sdk');

exports.handler = function(event, context) {
  var dynamo = new aws.DynamoDB({
  httpOptions: {
    agent: new https.Agent({
      rejectUnauthorized: true,
      secureProtocol: "TLSv1_method",
      ciphers: "ALL"
    })
  }
});

  dynamo.listTables(function(err, data) {
    if (err) {
      context.fail('Failed miserably:' + err.stack);
    } else {
      context.succeed('Function Finished! Data :' + data.TableNames);
    }
  });
};

结果：

START RequestId: 6dfd3db7-fae0-11e6-ba81-a52f5fc3c3eb Version: $LATEST
2017-02-24T22:27:31.010Z    6dfd3db7-fae0-11e6-ba81-a52f5fc3c3eb    ReferenceError: https is not defined
    at exports.handler (/var/task/index.js:6:16)
END RequestId: 6dfd3db7-fae0-11e6-ba81-a52f5fc3c3eb
REPORT RequestId: 6dfd3db7-fae0-11e6-ba81-a52f5fc3c3eb  Duration: 81.00 ms  Billed Duration: 100 ms     Memory Size: 128 MB Max Memory Used: 26 MB  
RequestId: 6dfd3db7-fae0-11e6-ba81-a52f5fc3c3eb Process exited before completing request

在将超时设置为5min的情况下，我无法相信AWS无法返回分配的时间范围内的表列表和权限问题通常会出现在日志中。

With a timeout set to 5min I can't believe that AWS wouldn't be able to return the list of tables in the allocated timeframe and permission issues typically appear in the logs.

谢谢您的关注。

推荐答案

您不再需要创建NAT网关/实例

You no longer need to create a NAT gateway/instance

您可以为Dynamo DB创建VPC端点，该端点将在专用子网中打开Lambda以访问Dynamo。在VPC中创建一个与lambda所需的VPC /子网设置对齐的终结点，并且访问不会有问题。

You can create a VPC Endpoint for Dynamo DB which will open Lambda in the private subnet to access Dynamo. Create an endpoint in your VPC that aligns to the VPC/subnet setup you have for lambda and you will have no issues with access.

您可以限制对特定服务或资源的访问。

You can limit access to specific services or resources.

https://aws.amazon.com/blogs/aws/new-vpc-endpoints-for-dynamodb /

这可以对任何全局AWS服务，S3等完成

This can be done for any global AWS service, S3 etc

这篇关于尝试访问DynamoDB时AWS Lambda node.js超时的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！