带有VPC的AWS Lambda函数仅在私有子网中有效 [英] AWS Lambda Function with VPC only works when in Private Subnet
问题描述
我一直在努力整合Amazon Lambda函数以及与mySQL DB和外部API的RDS的连接.要访问API,需要有一个Internet网关,然后是允许来自 0.0.0.0/0 的连接的安全组.
I have been working on integrating an Amazon Lambda function with connection to a RDS for the mySQL DB and an external API. To access the API, there needed to be an internet gateway and then security groups that allowed connection from 0.0.0.0/0.
我有一个公共子网和一个私有子网.公共子网路由到Internet网关,而私有子网路由到NAT.
I have a a public subnet and private subnet. The public subnet routes to the internet gateway but the private subnet routes to a NAT.
这使我认为,如果我使用Public子网运行Lambda函数,它将连接到Internet.但是,每次超时.但是,当我从专用子网中运行lambda函数时,它起作用了!因此NAT似乎可以正常工作,因为那是私有sunet所关联的,但是仅使用Internet网关是行不通的.
This lead me to think that if I ran the Lambda function with the Public subnet, it would connect to the internet. However, every time it timed out. But, when I ran the lambda function from within the private subnet, it worked! So it the NAT seems to work since that is what the private sunet was associated with, but just using the internet gateway does not work.
有人对此有任何解释吗?
Does anyone have any explanation for this?
推荐答案
要使Amazon Lambda函数连接到Internet,必须满足以下条件之一:
For an Amazon Lambda function to connect to the Internet, ONE of the following is required:
- Lambda函数未 连接到VPC, OR
- Lambda功能已连接到私有子网,并且已配置NAT网关/NAT实例 OR
- Lambda功能连接到公共子网,并且为子网中Lambda功能使用的弹性网络接口(ENI)分配了一个弹性IP地址
- The Lambda function is not connected to a VPC, OR
- The Lambda function is connected to a private subnet and there is a NAT Gateway/NAT Instance configured, OR
- The Lambda function is connected to a public subnet and an Elastic IP address is assigned to the Elastic Network Interface (ENI) being used by the Lambda function in the subnet
仅将Lambda函数连接到公共子网(没有EIP)将不提供Internet访问.
Merely connecting a Lambda function to a public subnet (without an EIP) will not provide Internet access.
这篇关于带有VPC的AWS Lambda函数仅在私有子网中有效的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
