我是AWS的n00b。

我有一个用Java编写的Lambda，它处理来自SQS队列的S3事件。这些事件是通过在S3存储桶中指定目录中创建文件触发的。

Lambda对从队列接收的单个S3事件的处理（即创建一个文件）按预期工作。

如果我同时创建一批5到10个文件，则会启动Lambda的多个实例（通常为3到5个）来处理结果事件。有些可以正常工作，但是其中至少一种（有时多于一种）会失败。该行为（有点令人沮丧）不一致。

在执行失败的Lambda的过程中，尝试连接到AWS Secrets Manager时会发生第一个错误：

com.amazonaws.http.conn.ssl.SdkTLSSocketFactory - connecting to secretsmanager.ap-southeast-2.amazonaws.com/<ip>:<port>
c.a.http.conn.ClientConnectionManagerFactory - java.lang.reflect.InvocationTargetException: null
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
... stack trace...
Caused by: org.apache.http.conn.ConnectTimeoutException: Connect to secretsmanager.ap-southeast-2.amazonaws.com:<port> [secretsmanager.ap-southeast-2.amazonaws.com/<ip>, secretsmanager.ap-southeast-2.amazonaws.com/<ip>, secretsmanager.ap-southeast-2.amazonaws.com/<ip>] failed: connect timed out
... stack trace...
Caused by: java.net.SocketTimeoutException: connect timed out

com.amazonaws.http.conn.ssl.SdkTLSSocketFactory - Connecting socket to <s3 bucket>.s3.ap-southeast-2.amazonaws.com/<ip>:<port> with timeout 10000
c.a.http.conn.ClientConnectionManagerFactory - java.lang.reflect.InvocationTargetException: null
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
... stack trace...
Caused by: org.apache.http.conn.ConnectTimeoutException: Connect to <s3 bucket>.s3.ap-southeast-2.amazonaws.com:<port> [<s3 bucket>.s3.ap-southeast-2.amazonaws.com/<ip>] failed: connect timed out
... stack trace...
Caused by: java.net.SocketTimeoutException: connect timed out

aws-lambda-java-core: 1.2.0
aws-java-sdk-s3: 1.11.714
aws-java-sdk-events: 1.11.714
aws-java-sdk-secretsmanager: 1.11.718
aws-java-sdk-sqs: 1.11.719

问题是网络问题-Lambda的VPC使用的专用子网之一的路由表配置错误，该路由表分配给了不存在的NAT网关。

添加正确的NAT网关后，Lambda就会按预期工作。

非常感谢John Rotenstein对诊断此问题的帮助。