Can't connect DynamoDB from my VPC configured Lambda function


Problem description

I need to connect elastic cache and dynamo db from a single lambda function. My code is:

exports.handler = (event, context, callback) => {

    var redis = require("redis");
    var client;
    function connectRedisClient() {
        client = redis.createClient(6379, "dgdfgdfgdfgdfgdfgfd.use1.cache.amazonaws.com", { no_ready_check: true });
    }

    connectRedisClient();
    client.set('sampleKey', 'Hello World', redis.print);
    console.log("set worked");
    client.quit();


    var AWS = require("aws-sdk");
    var docClient = new AWS.DynamoDB.DocumentClient();
    var table = "dummy";
    var year = 2015;
    var title = "The Big New Movie";
    var params = {
        TableName: table,
        Item: {
            "userid": "manafcj",
            "year": year,
            "title": title,
            "test1": [645645, 7988],
            "info": {
                "plot": "Nothing happens at all.",
                "rating": 0
            }
        }
    };

    console.log("Adding a new item...");
    docClient.put(params, function (err, data) {
        if (err) {
            console.error("Unable to add item. Error JSON:", JSON.stringify(err, null, 2));
        } else {
            console.log("Added item:", JSON.stringify(data, null, 2));
        }
    });
    callback(null, 'Hello from Lambda');
};

I executed this lambda code without configuring a VPC; the elastic cache section is not working, but the dynamo insertion is done perfectly.

After that, I made the setup for a VPC in my account with the following steps.

  1. Create VPC
     name: test-vpc-name
     CIDR block: 172.31.0.0/16
     Tenancy: Default

  2. Create a new subnet.
     name tag: test-subnet-1a, CIDR block: 172.31.0.0/20
     name tag: test-subnet-1b, CIDR block: 172.31.16.0/20

  3. Create a route table
     name tag: test-route-table

  4. Create an internet gateway
     name: test-internet-gateway

  5. Attach VPC

  6. Route all outbound 0.0.0.0/0 traffic in routes

  7. Create route table subnet association

  8. Create a NAT Gateway
     subnet: test-subnet-1a

Also, I have configured my elastic cache setup with the following steps.

  1. Create subnet cache group
     name: test-cache-group

  2. Create elastic cache
     type: redis
     Cluster Name: test-cache
     subnet cache group: test-cache-group

Finally, I have configured the newly created VPC on my lambda function. Then the redis elastic cache connection is working fine, but the dynamo db connection is lost. I need both working fine from a single lambda function.

I think there is some fault in the VPC configuration with the NAT Gateway.

What is the actual issue in this setup?

Recommended answer

Lambda and DynamoDB are executed in the AWS Public Cloud. Both are services executed in an internet-facing environment. The Elastic Cache Cluster, on the other hand, is a user-managed service that runs on your own VPC.

The first option to give your lambda function access to your elastic cache cluster is using a NAT instance to forward external network connections to the Elastic Cache cluster inside your VPC. You can use the instructions from this document to help you with this task.

The second option is the one that you already tried. Amazon says that when you configure this option it does not mean that the Lambda will be executed inside your VPC. What it does is define the Elastic Network Interface of the Lambda container to access your VPC. At the end of the day I don't think that this makes a difference. You can see the details here.

But the point is, the container where your lambda is executed has only one Elastic Network Interface. If you configure your lambda to use your VPC, the Network Interface will be configured to access your subnet using a private IP and lose the internet connection. So, it will not be able to access DynamoDB unless you have a configured NAT instance/Gateway in your VPC.

As you told us, you configured your VPC with a NAT Gateway. If everything were correctly configured, this should be working. Maybe you can try the first option, leaving your lambda outside your VPC and configuring the NAT Gateway to route the inbound connections to your Elastic Cache Cluster.

Why don't you try it and tell us the result?
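An added example (not part of the original answer or the asker's setup): a Node.js check that takes route-table data in the shape returned by EC2 DescribeRouteTables and reports, for each subnet a Lambda function is attached to, where its default route points. The subnet, route table and gateway IDs are constructed, and the function names are hypothetical.

```javascript
// Constructed sample in the shape of EC2 DescribeRouteTables output.
// All IDs are made up for illustration.
const routeTables = [
  { // public table: default route to the internet gateway
    RouteTableId: "rtb-public",
    Associations: [{ SubnetId: "subnet-1a", Main: false }],
    Routes: [
      { DestinationCidrBlock: "172.31.0.0/16", GatewayId: "local" },
      { DestinationCidrBlock: "0.0.0.0/0", GatewayId: "igw-0example" },
    ],
  },
  { // private table: default route to a NAT gateway placed in subnet-1a
    RouteTableId: "rtb-private",
    Associations: [{ SubnetId: "subnet-1b", Main: false }],
    Routes: [
      { DestinationCidrBlock: "172.31.0.0/16", GatewayId: "local" },
      { DestinationCidrBlock: "0.0.0.0/0", NatGatewayId: "nat-0example" },
    ],
  },
  { // main table: applies to subnets with no explicit association
    RouteTableId: "rtb-main",
    Associations: [{ Main: true }],
    Routes: [{ DestinationCidrBlock: "172.31.0.0/16", GatewayId: "local" }],
  },
];

// Find the route table that governs a subnet (explicit association, else main).
function tableForSubnet(tables, subnetId) {
  const has = (t, pred) => (t.Associations || []).some(pred);
  return tables.find((t) => has(t, (a) => a.SubnetId === subnetId)) ||
         tables.find((t) => has(t, (a) => a.Main === true));
}

// Classify how a Lambda ENI (private IP only) in this subnet reaches 0.0.0.0/0.
function lambdaEgress(tables, subnetId) {
  const table = tableForSubnet(tables, subnetId);
  const def = table && table.Routes.find((r) => r.DestinationCidrBlock === "0.0.0.0/0");
  if (!def) return "none";                     // no default route: DynamoDB calls time out
  if (def.NatGatewayId) return "nat";          // private IP is translated: DynamoDB reachable
  if (def.InstanceId) return "nat-instance";   // route through an instance (assumed to be a NAT instance)
  if ((def.GatewayId || "").startsWith("igw-")) return "igw-only"; // needs a public IP the ENI lacks
  return "other";
}

// Check every subnet the function is attached to; a single bad subnet is enough to break calls.
function checkLambdaSubnets(tables, subnetIds) {
  return subnetIds.map((id) => ({ subnet: id, egress: lambdaEgress(tables, id) }));
}

console.log(checkLambdaSubnets(routeTables, ["subnet-1a", "subnet-1b", "subnet-1c"]));
```

A subnet reported as "igw-only" or "none" will reach the cache inside the VPC but not DynamoDB, which is the symptom described in the question.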
