是否可以将公共IP分配给AWS中的Lambda函数? [英] Is it possible to assign a public IP to a Lambda function in AWS?
问题描述
我们需要在公司后端访问仅接受来自授权IP地址的调用的API。
We need to access APIs in a corporate backend that accept calls only from authorised IP addresses.
目前,我们的移动客户端正在调用执行以下功能的AWS Lambda函数进行一些转换,然后在分配了授权的公共IP地址的EC2实例上调用另一个服务。第二项服务对企业后端执行最终调用,将数据返回给lambda,然后再返回给客户端。
At this moment our mobile clients are calling an AWS Lambda function that performs some transformations and then calls another service on an EC2 instance that has the authorised public IP address assigned. This second service performs the final call to the corporate backend returning the data to the lambda and then to the clients.
这可以正常工作,但是会增加一些不必要的复杂性
This is working fine, but it adds some unnecessary complexity to the architecture that we wish to avoid.
是否有可能以某种方式将公共IP分配给lambda函数,从而避免在EC2中使用此额外服务?
Is it possible to assign the public IP to the lambda function somehow to avoid having this extra service in EC2?
谢谢
GA
推荐答案
简单的解决方案是:
-
创建具有弹性IP地址的NAT实例或NAT网关
create a NAT Instance or NAT Gateway with an Elastic IP address
创建一个私有VPC子网,该子网使用NAT设备作为默认路由
create a private VPC subnet which uses the NAT device as its default route
部署Lambda函数
创建的每个Lambda容器都将在其上具有一个弹性网络接口(ENI)。该专用子网,这意味着NAT设备将是其默认网关,这意味着NAT设备的EIP将作为绑定到Internet的内部起源连接的源IP地址。
Each Lambda container created will have an elastic network interface (ENI) on that private subnet, which means the NAT device will be its default gateway, which means the NAT device's EIP will be its source IP address for internally-originated connections that are bound for the Internet.
lambda功能代码本身不需要更改。
No change to the lambda function code, itself is required.
以上是官方解决方案。
还请注意,使用当前技术,将Lambda函数放置在VPC内将每当需要分配新的弹性网络接口(ENI)时,都会对冷启动时间产生影响。
Note also that with current technology, placing a Lambda funcion inside a VPC will have an impact on cold-start times, any time a new Elastic Network Interface (ENI) needs to be allocated.
Lambda函数时配置为在VPC内运行,会产生额外的ENI启动损失。
When a Lambda function is configured to run within a VPC, it incurs an additional ENI start-up penalty.
https://docs.aws.amazon.com/lambda/latest/dg/vpc.html
这篇关于是否可以将公共IP分配给AWS中的Lambda函数?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
