AWS Lambda times out connecting to RedShift

Problem description

My Redshift cluster is in a private VPC. I've written the following AWS Lambda in Node.js which should connect to Redshift (dressed down for this question):

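'use strict';
console.log('Loading function');

const pg = require('pg');

exports.handler = (event, context, callback) => {
    // Connection settings (placeholders, dressed down for the question)
    const client = new pg.Client({
        user: 'myuser',
        database: 'mydatabase',
        password: 'mypassword',
        port: 5439,
        host: 'myhost.eu-west-1.redshift.amazonaws.com'
    });

    // connect to our database
    console.log('Connecting...');
    client.connect(function (err) {
        // Report failures through the Lambda callback instead of throwing
        if (err) return callback(err);

        console.log('CONNECTED!!!');

        // Close the connection so the invocation can finish
        client.end(function () {
            callback(null, 'connected');
        });
    });
};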

I keep getting Task timed out after 60.00 seconds unfortunately. I see in the logs "Connecting...", but never "CONNECTED!!!".

Steps I've taken so far to get this to work:

  • As per Connect Lambda to Redshift in Different Availability Zones I have the Redshift cluster and the Lambda function in the same VPC
  • Also Redshift cluster and the Lambda function are on the same subnet
  • The Redshift cluster and the Lambda function share the same security group
  • Added an inbound rule at the security group of the Redshift cluster as per the suggestion here (https://github.com/awslabs/aws-lambda-redshift-loader/issues/86)
  • The IAM role associated with the Lambda Function has the following policies: AmazonDMSRedshiftS3Role, AmazonRedshiftFullAccess, AWSLambdaBasicExecutionRole, AWSLambdaVPCAccessExecutionRole, AWSLambdaENIManagementAccess scrambled together from this source: http://docs.aws.amazon.com/lambda/latest/dg/vpc.html (I realize I have some overlap here, but figured that it shouldn't matter)
  • Added Elastic IP to the Inbound rules of the Security Group as per an answer from a question listed prior (even if I don't even have a NAT gateway configured in the subnet)
  • I don't have Enhanced VPC Routing enabled because I figured that I don't need it.
  • Even tried it by adding the Inbound rule 0.0.0.0/0 ALL types, ALL protocols, ALL ports in the Security Group (following this question: Accessing Redshift from Lambda - Avoiding the 0.0.0.0/0 Security Group). But same issue!

So, does anyone have any suggestions as to what I should check?

*I should add that I am not a network expert, so perhaps I've made a mistake somewhere.

Recommended answer

The timeout is probably because your lambda in VPC cannot access the Internet in order to connect to your cluster (you seem to be using the public hostname to connect). Your connection options depend on your cluster configuration. Since both your lambda function and cluster are in the same VPC, you should use the private IP of your cluster to connect to it. In your case, I think simply using the private IP should solve your problem.

Depending on whether your cluster is publicly accessible, there are some points to keep in mind.

  • If your cluster is configured to NOT be publicly accessible, you can use the private IP to connect to the cluster from your lambda running in a VPC and it should work.

If you have a publicly accessible cluster in a VPC, and you want to connect to it by using the private IP address from within the VPC, make sure the following VPC parameters are set to true/yes:

  • DNS resolution
  • DNS hostnames

If you do not set these parameters to true, connections from within VPC will resolve to the EIP instead of the private IP and your lambda won't be able to connect without having Internet access (which will need a NAT gateway or a NAT instance).

Also, an important note from the documentation here.

If you have an existing publicly accessible cluster in a VPC, connections from within the VPC will continue to use the EIP to connect to the cluster even with those parameters set until you resize the cluster. Any new clusters will follow the new behavior of using the private IP address when connecting to the publicly accessible cluster from within the same VPC.
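
One way to check from inside the function which of the answer's two cases applies, as an added example that is not part of the original question or answer: it resolves the cluster hostname, reports whether the result is a private (RFC 1918) address or a public one such as the EIP, and attempts a TCP connection with a short timeout so the failure shows up well before the 60-second task timeout. The function names and the 5-second timeout are assumptions; the host and port in the usage comment are the placeholders from the question.

```javascript
// Added diagnostic example (not from the original post).

// True when the IPv4 address lies in an RFC 1918 private range,
// which is what an address inside a VPC subnet looks like.
function isPrivateIPv4(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) return false;
  if (!parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255)) return false;
  const [a, b] = parts.map(Number);
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Map resolved addresses to the answer's cases:
//   'private'    -> traffic stays inside the VPC
//   'public'     -> hostname resolved to a public address (e.g. the EIP);
//                   a Lambda without NAT cannot reach it
//   'unresolved' -> DNS returned nothing
function diagnose(addresses) {
  if (!addresses || addresses.length === 0) return 'unresolved';
  return addresses.every(isPrivateIPv4) ? 'private' : 'public';
}

// Resolve the hostname, then try a plain TCP connect with a short timeout.
async function probe(host, port, timeoutMs = 5000) {
  const { promises: dnsPromises } = await import('dns');
  const net = await import('net');
  const addresses = await dnsPromises.resolve4(host);
  const verdict = diagnose(addresses);
  const reachable = await new Promise((resolve) => {
    const socket = net.connect({ host: addresses[0], port });
    socket.setTimeout(timeoutMs);
    socket.once('connect', () => { socket.destroy(); resolve(true); });
    socket.once('timeout', () => { socket.destroy(); resolve(false); });
    socket.once('error', () => resolve(false));
  });
  return { addresses, verdict, reachable };
}

// Usage inside the handler, before creating the pg client:
//   const result = await probe('myhost.eu-west-1.redshift.amazonaws.com', 5439);
//   console.log(JSON.stringify(result));
```

A `public` verdict with `reachable: false` matches the case the answer describes: the hostname resolved to the EIP and the function has no route to it.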
