问题描述
我试图从AWS Lambda访问VPC上的S3和资源,但是由于我将AWS Lambda配置为访问VPC,因此访问S3时超时.这是代码
I am trying to access S3 and resources on my VPC from AWS Lambda but since I configured my AWS Lambda to access VPC it's timing out when accessing S3.Here's the code
from __future__ import print_function
import boto3
import logging
import json
print('Loading function')
s3 = boto3.resource('s3')
import urllib
def lambda_handler(event, context):
logging.getLogger().setLevel(logging.INFO)
# Get the object from the event and show its content type
bucket = event['Records'][0]['s3']['bucket']['name']
key = urllib.unquote_plus(event['Records'][0]['s3']['object']['key']).decode('utf8')
print('Processing object {} from bucket {}. '.format(key, bucket))
try:
response = s3.Object(bucket, key)
content = json.loads(response.get()['Body'].read())
# with table.batch_writer() as batch:
for c in content:
print(' Processing Item : ID' + str(c['id']))
# ##################
# Do custom processing here using VPC resources
# ##################
except Exception as e:
print('Error while processing object {} from bucket {}. '.format(key, bucket))
print(e)
raise e
我已经为子网和安全组设置了适当的出站规则以访问Internet,如下所示,但是我的Lambda在访问S3时只是超时.
I've set my subnets and security groups with appropriate Outbound rules to access internet as shown below but my Lambda simply times out when accessing S3.
这也是测试输入的示例
# Test Event Configuration
{
"Records": [
{
"awsRegion": "us-east-1",
"eventName": "ObjectCreated:Put",
"eventSource": "aws:s3",
"eventTime": "2016-02-11T19:11:46.058Z",
"eventVersion": "2.0",
"requestParameters": {
"sourceIPAddress": "54.88.229.196"
},
"responseElements": {
"x-amz-id-2": "ljEg+Y/InHDO8xA9c+iz6DTKKenmTaGE9UzHOAabarRmpDF1z0eUJBdpGi37Z2BU9nbTh4p7oZg=",
"x-amz-request-id": "3D98A2325EC127C6"
},
"s3": {
"bucket": {
"arn": "arn:aws:s3:::social-gauge-data",
"name": "social-gauge-data",
"ownerIdentity": {
"principalId": "A1NCXDU7DLYS07"
}
},
"configurationId": "b5540417-a0ac-4ed0-9619-8f27ba949694",
"object": {
"eTag": "9c5116c70e8b3628380299e39e0e9d33",
"key": "posts/test/testdata",
"sequencer": "0056BCDCF1F544BD71",
"size": 72120
},
"s3SchemaVersion": "1.0"
},
"userIdentity": {
"principalId": "AWS:AROAIUFL6WAMNRLUBLL3K:AWSFirehoseDelivery"
}
}
]
}
推荐答案
在Lambda中启用VPC支持后,您的函数将无法再访问VPC之外的任何内容,包括S3.专门使用S3,您可以使用 VPC端点解决这个问题.对于VPC之外的几乎所有其他内容,您需要在VPC中创建NAT实例或托管NAT网关,以将流量从Lambda函数路由到VPC之外的终结点.
Once you enable VPC support in Lambda your function no longer has access to anything outside your VPC, which includes S3. With S3 specifically you can use VPC Endpoints to solve this. For pretty much anything else outside your VPC, you would need to create a NAT instance or a managed NAT gateway in your VPC to route traffic from your Lambda functions to endpoints outside of your VPC.
我会阅读 Lambda VPC支持公告,并特别注意最后的了解事项"部分.
I would read the Lambda VPC support announcement, and pay special attention to the "Things to Know" section at the end.
这篇关于在访问S3时添加具有VPC配置的AWS Lambda会导致超时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!