本文介绍了Lambda无法访问RDS，尽管它们位于同一VPC中的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我已经使用以下 CloudFormation VPC 和 RDS c>。

I have created VPC and RDS with the below CloudFormation.

Resources:
  TestVpc:
    Type: "AWS::EC2::VPC"
    Properties:
      CidrBlock: "10.0.0.0/16"
      EnableDnsSupport: true
      EnableDnsHostnames: true
  TestSubnetA:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: "ap-northeast-1a"
      CidrBlock: "10.0.0.0/20"
      VpcId: !Ref TestVpc
  TestSubnetB:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: "ap-northeast-1d"
      CidrBlock: "10.0.16.0/20"
      VpcId: !Ref TestVpc
  TestSubnetC:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: "ap-northeast-1c"
      CidrBlock: "10.0.32.0/20"
      VpcId: !Ref TestVpc
  TestSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "Test security group with cloduformation"
      SecurityGroupIngress:
        - CidrIp: "10.0.0.0/16"
          IpProtocol: "tcp"
          FromPort: 0
          ToPort: 65535
      SecurityGroupEgress:
        - CidrIp: "0.0.0.0/0"
          FromPort: 0
          ToPort: 65535
          IpProtocol: "tcp"
      VpcId: !Ref TestVpc

  TestSubnetGroup:
    Type: "AWS::RDS::DBSubnetGroup"
    Properties:
      DBSubnetGroupDescription: "TestSubnetGroupDesc"
      SubnetIds:
        - !Ref TestSubnetA
        - !Ref TestSubnetB
        - !Ref TestSubnetC

  TestRDS:
    Type: "AWS::RDS::DBInstance"
    Properties:
      DBInstanceClass: "db.t2.micro"
      DBInstanceIdentifier: "rekog-moderation"
      DBName: "rekog"

      Engine: "postgres"
      EngineVersion: "10.4"

      MasterUsername: "rekog"
      MasterUserPassword: "passwd"
      AllocatedStorage: "20"

      DBSubnetGroupName: !Ref TestSubnetGroup
      VPCSecurityGroups:
        - !Ref TestSecurityGroup

RDS的结果

The result of RDS

当 Lambda 尝试使用域名 rekog-moderation.cokqwd6ixsnc.ap-northeast-1.rds.amazonaws.com 进行访问，建立连接时返回超时错误到 RDS 。

When Lambda try to access with Domain name rekog-moderation.cokqwd6ixsnc.ap-northeast-1.rds.amazonaws.com, it returns timeout error while making a connection to RDS.

我想念什么？

推荐答案

，您需要添加安全组自引用根据进入规则，为了允许安全组的所有成员相互通信。像这样的东西：

you need to add security group self-reference in ingress rule, in order to allow all members of security group to communicate with each other. Something like:

"TestSecurityGroupIngress": {
  "Type": "AWS::EC2::SecurityGroupIngress",
  "Properties": {
    "GroupId": { "Ref": "TestSecurityGroup" },
    "IpProtocol": "tcp",
    "FromPort": "0",
    "ToPort": "65535",
    "SourceSecurityGroupId": { "Ref": "TestSecurityGroup" }
  }
}

您可以在

这篇关于Lambda无法访问RDS，尽管它们位于同一VPC中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！