Accessing Redshift from Lambda: avoiding a 0.0.0.0/0 security group

Problem description

I am trying to access a Redshift database from a Lambda function. When I add 0.0.0.0/0 to the security group connections in the Redshift interface (as suggested by this article), I am able to connect successfully. From a security perspective, however, I don't feel comfortable using 0.0.0.0/0.

Is there a way to only allow Lambda to access Redshift without opening it up to the public internet?

I have tried adding the AWS IP ranges; however, this didn't work (as it only allows a limited number of security group connections).

Recommended answer

Enable VPC access for your Lambda function, and open the Redshift Security Group to the SG assigned to the Lambda function, just like you would open it to an EC2 server.
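
A check for the rule change described in the answer above, as an added example that is not part of the original answer: it inspects ingress rules in the `IpPermissions` shape returned by EC2 `DescribeSecurityGroups` and reports whether the Redshift port is open to the world and whether the Lambda function's security group is allowed. Port 5439 (the Redshift default) is an assumption, and the security group ID and both rule sets are constructed.

```python
# Added example: audits Redshift security-group ingress in the shape returned
# by EC2 DescribeSecurityGroups ("IpPermissions"). All IDs are constructed.
REDSHIFT_PORT = 5439  # Redshift default port; assumption, adjust if changed
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}


def covers_port(perm, port):
    """True if the rule's protocol/port range includes `port`."""
    if perm.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_redshift_sg(ip_permissions, lambda_sg_id, port=REDSHIFT_PORT):
    """Return (world_open_cidrs, lambda_sg_allowed) for the given port."""
    world_open, lambda_allowed = [], False
    for perm in ip_permissions:
        if not covers_port(perm, port):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        world_open += [c for c in cidrs if c in OPEN_CIDRS]
        groups = {g["GroupId"] for g in perm.get("UserIdGroupPairs", [])}
        lambda_allowed = lambda_allowed or lambda_sg_id in groups
    return world_open, lambda_allowed


LAMBDA_SG = "sg-0lambda0000000000"  # constructed placeholder

# Constructed "before": the setup from the question, open to the internet.
BEFORE = [{"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
           "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]

# Constructed "after": ingress only from the Lambda function's security group.
AFTER = [{"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
          "IpRanges": [], "UserIdGroupPairs": [{"GroupId": LAMBDA_SG}]}]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        open_cidrs, ok = audit_redshift_sg(rules, LAMBDA_SG)
        print(f"{name}: world-open={open_cidrs} lambda-sg-allowed={ok}")
```

The same function can be fed the `IpPermissions` list of the real Redshift security group once it has been fetched, to confirm the 0.0.0.0/0 rule is gone after the change.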
