尝试访问 DynamoDB 时 AWS Lambda node.js 超时 [英] AWS Lambda node.js timeout when trying to access DynamoDB
问题描述
我在尝试访问 DynamoDB 问题时遇到了这些 AWS Lambda node.js 超时之一,但症状看起来不同,我找到的解决方案不能解决这个问题.
I'm facing one of these AWS Lambda node.js timeout when trying to access DynamoDB issues but the symptoms appear different and the solutions I found don't solve this issue.
超时设置为 5 分钟,内存设置为 128MB,但使用量不超过 30MB.
该角色的 IAM 策略是:
Timeout is set to 5min, memory is set to 128MB but doesn't exceed 30MB usage.
IAM policies for the role are:
- AWSLambdaFullAccess
- AmazonDynamoDBFullAccess
- AWSLambdaVPCAccessExecutionRole
默认 VPC 有 7 个安全组,默认安全组包括:
The default VPC has 7 security groups and include the default security group with:
- 入站:所有流量、所有协议、所有端口范围,
- 出站:所有流量,所有协议,所有端口范围,0.0.0.0/0
- Inbound: All Traffic, All protocol, All port range,
- Outbound: All Traffic, All protocol, All port range, 0.0.0.0/0
这是代码:
var aws = require('aws-sdk');
exports.handler = function(event, context) {
var dynamo = new aws.DynamoDB();
dynamo.listTables(function(err, data) {
if (err) {
context.fail('Failed miserably:' + err.stack);
} else {
context.succeed('Function Finished! Data :' + data.TableNames);
}
});
};
以及结果:
START RequestId: 5d2a0294-fb6d-11e6-989a-edaa5cb75cba Version: $LATEST
END RequestId: 5d2a0294-fb6d-11e6-989a-edaa5cb75cba
REPORT RequestId: 5d2a0294-fb6d-11e6-989a-edaa5cb75cba Duration: 300000.91 ms Billed Duration: 300000 ms Memory Size: 128 MB Max Memory Used: 21 MB
2017-02-25T15:21:21.778Z 5d2a0294-fb6d-11e6-989a-edaa5cb75cba Task timed out after 300.00 seconds
解决的相关 node.js 版本问题这里对我不起作用并返回a ReferenceError: https 未在 exports.handler (/var/task/index.js:6:16) 中定义".AWS 也弃用了 0.10 版.
这是带有 https 参考的代码:
The related node.js version issue solved here doesn't work for me and returns a "ReferenceError: https is not defined at exports.handler (/var/task/index.js:6:16)". Also AWS has deprecated version 0.10.
Here is the code with the https reference:
var aws = require('aws-sdk');
exports.handler = function(event, context) {
var dynamo = new aws.DynamoDB({
httpOptions: {
agent: new https.Agent({
rejectUnauthorized: true,
secureProtocol: "TLSv1_method",
ciphers: "ALL"
})
}
});
dynamo.listTables(function(err, data) {
if (err) {
context.fail('Failed miserably:' + err.stack);
} else {
context.succeed('Function Finished! Data :' + data.TableNames);
}
});
};
结果:
START RequestId: 6dfd3db7-fae0-11e6-ba81-a52f5fc3c3eb Version: $LATEST
2017-02-24T22:27:31.010Z 6dfd3db7-fae0-11e6-ba81-a52f5fc3c3eb ReferenceError: https is not defined
at exports.handler (/var/task/index.js:6:16)
END RequestId: 6dfd3db7-fae0-11e6-ba81-a52f5fc3c3eb
REPORT RequestId: 6dfd3db7-fae0-11e6-ba81-a52f5fc3c3eb Duration: 81.00 ms Billed Duration: 100 ms Memory Size: 128 MB Max Memory Used: 26 MB
RequestId: 6dfd3db7-fae0-11e6-ba81-a52f5fc3c3eb Process exited before completing request
将超时设置为 5 分钟,我无法相信 AWS 无法在分配的时间范围内返回表列表,并且权限问题通常会出现在日志中.
With a timeout set to 5min I can't believe that AWS wouldn't be able to return the list of tables in the allocated timeframe and permission issues typically appear in the logs.
感谢您对此进行调查.
推荐答案
您不再需要创建 NAT 网关/实例
You no longer need to create a NAT gateway/instance
您可以为 Dynamo DB 创建一个 VPC 端点,它将在私有子网中打开 Lambda 以访问 Dynamo.在您的 VPC 中创建一个与您为 lambda 设置的 VPC/子网设置一致的终端节点,您将不会遇到访问问题.
You can create a VPC Endpoint for Dynamo DB which will open Lambda in the private subnet to access Dynamo. Create an endpoint in your VPC that aligns to the VPC/subnet setup you have for lambda and you will have no issues with access.
您可以限制对特定服务或资源的访问.
You can limit access to specific services or resources.
https://aws.amazon.com/博客/aws/new-vpc-endpoints-for-dynamodb/
这适用于任何全球 AWS 服务、S3 等
This can be done for any global AWS service, S3 etc
这篇关于尝试访问 DynamoDB 时 AWS Lambda node.js 超时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
