Public IP address for AWS API Gateway & Lambda (no VPC)


Problem description

I have provisioned an AWS API Gateway and created a Lambda function to connect to an external REST API. The API Gateway & Lambda are not in a VPC so the egress IP address is random. The challenge I have is the external REST API is behind a firewall, which requires the IP address or subnet of the Lambda to be whitelisted.

I have looked at the AWS IP Address page (below), however there is no explicit mention of either API Gateway or Lambda.

https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html#filter-json-file

Has anyone come across this before & found a resolution to it? For the purposes of this solution I cannot put the API Gateway & Lambdas in a VPC.

Any help would be greatly appreciated!

Recommended answer

API Gateway seems to be irrelevant to this discussion. If I understand your question, you're trying to make API requests from a Lambda function to a remote API server and you want those requests to originate from a known IP address so that you can whitelist that IP at the remote server.

First thing I would say is don't use IP whitelisting; use authenticated API requests instead.

If that's not possible then use VPC - create a NAT with an Elastic IP, launch the Lambda into that VPC, and route all its outbound traffic through the NAT. Then whitelist the NAT's Elastic IP on the remote API server. Examples here and here.

I know that you said you "cannot put [...] Lambdas in a VPC", but if you don't then you have no control over the originating IP address.
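
The NAT-with-Elastic-IP layout described in the answer above, as an added CloudFormation example that is not part of the original answer. The CIDR ranges and logical resource names are assumptions; the Lambda function itself is not declared here and would reference `PrivateSubnet` and `LambdaSg` in its `VpcConfig`.

```yaml
# Added example, not from the original answer. CIDRs and logical names are assumptions.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties: { CidrBlock: 10.0.0.0/16 }
  PublicSubnet:                      # holds the NAT gateway only
    Type: AWS::EC2::Subnet
    Properties: { VpcId: !Ref Vpc, CidrBlock: 10.0.0.0/24 }
  PrivateSubnet:                     # Lambda network interfaces are placed here
    Type: AWS::EC2::Subnet
    Properties: { VpcId: !Ref Vpc, CidrBlock: 10.0.1.0/24 }
  Igw:
    Type: AWS::EC2::InternetGateway
  IgwAttach:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties: { VpcId: !Ref Vpc, InternetGatewayId: !Ref Igw }
  NatEip:                            # the fixed address the remote firewall will see
    Type: AWS::EC2::EIP
    DependsOn: IgwAttach
    Properties: { Domain: vpc }
  Nat:
    Type: AWS::EC2::NatGateway
    Properties: { AllocationId: !GetAtt NatEip.AllocationId, SubnetId: !Ref PublicSubnet }
  PublicRt:
    Type: AWS::EC2::RouteTable
    Properties: { VpcId: !Ref Vpc }
  PublicDefault:                     # public subnet reaches the internet directly
    Type: AWS::EC2::Route
    DependsOn: IgwAttach
    Properties: { RouteTableId: !Ref PublicRt, DestinationCidrBlock: 0.0.0.0/0, GatewayId: !Ref Igw }
  PublicAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: { SubnetId: !Ref PublicSubnet, RouteTableId: !Ref PublicRt }
  PrivateRt:
    Type: AWS::EC2::RouteTable
    Properties: { VpcId: !Ref Vpc }
  PrivateDefault:                    # all Lambda egress leaves through the NAT
    Type: AWS::EC2::Route
    Properties: { RouteTableId: !Ref PrivateRt, DestinationCidrBlock: 0.0.0.0/0, NatGatewayId: !Ref Nat }
  PrivateAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: { SubnetId: !Ref PrivateSubnet, RouteTableId: !Ref PrivateRt }
  LambdaSg:                          # no ingress rules; default egress allows outbound calls
    Type: AWS::EC2::SecurityGroup
    Properties: { GroupDescription: Lambda egress only, VpcId: !Ref Vpc }
Outputs:
  EgressIpToAllowlist:               # Ref on an EIP returns the address itself
    Value: !Ref NatEip
```

The function's execution role also needs permission to create network interfaces in the VPC, for example through the `AWSLambdaVPCAccessExecutionRole` managed policy. An allowlisted address only identifies the network path, so the authenticated requests recommended in the answer remain the stronger control.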
