Lambda cannot access RDS even though they are in the same VPC
Problem description
I have created a VPC and RDS with the below CloudFormation.
Resources:
  TestVpc:
    Type: "AWS::EC2::VPC"
    Properties:
      CidrBlock: "10.0.0.0/16"
      EnableDnsSupport: true
      EnableDnsHostnames: true
  TestSubnetA:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: "ap-northeast-1a"
      CidrBlock: "10.0.0.0/20"
      VpcId: !Ref TestVpc
  TestSubnetB:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: "ap-northeast-1d"
      CidrBlock: "10.0.16.0/20"
      VpcId: !Ref TestVpc
  TestSubnetC:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: "ap-northeast-1c"
      CidrBlock: "10.0.32.0/20"
      VpcId: !Ref TestVpc
  TestSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "Test security group with cloduformation"
      SecurityGroupIngress:
        - CidrIp: "10.0.0.0/16"
          IpProtocol: "tcp"
          FromPort: 0
          ToPort: 65535
      SecurityGroupEgress:
        - CidrIp: "0.0.0.0/0"
          FromPort: 0
          ToPort: 65535
          IpProtocol: "tcp"
      VpcId: !Ref TestVpc
  TestSubnetGroup:
    Type: "AWS::RDS::DBSubnetGroup"
    Properties:
      DBSubnetGroupDescription: "TestSubnetGroupDesc"
      SubnetIds:
        - !Ref TestSubnetA
        - !Ref TestSubnetB
        - !Ref TestSubnetC
  TestRDS:
    Type: "AWS::RDS::DBInstance"
    Properties:
      DBInstanceClass: "db.t2.micro"
      DBInstanceIdentifier: "rekog-moderation"
      DBName: "rekog"
      Engine: "postgres"
      EngineVersion: "10.4"
      MasterUsername: "rekog"
      MasterUserPassword: "passwd"
      AllocatedStorage: "20"
      DBSubnetGroupName: !Ref TestSubnetGroup
      VPCSecurityGroups:
        - !Ref TestSecurityGroup
The result of RDS
When Lambda tries to access with the domain name rekog-moderation.cokqwd6ixsnc.ap-northeast-1.rds.amazonaws.com, it returns a timeout error while making a connection to RDS.
What am I missing?
Recommended answer
You need to add a security group self-reference in the ingress rule, in order to allow all members of the security group to communicate with each other. Something like:
"TestSecurityGroupIngress": {
    "Type": "AWS::EC2::SecurityGroupIngress",
    "Properties": {
        "GroupId": { "Ref": "TestSecurityGroup" },
        "IpProtocol": "tcp",
        "FromPort": "0",
        "ToPort": "65535",
        "SourceSecurityGroupId": { "Ref": "TestSecurityGroup" }
    }
}
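The answer's self-referencing rule written in YAML to match the question's template, together with a Lambda function whose VpcConfig attaches it to the same security group, which is what makes it a member the rule applies to. This is an added example, not part of the original question or answer; TestLambda, TestLambdaRole, the runtime and handler code, and narrowing the port range to 5432 (the PostgreSQL default) are assumptions.

```yaml
# Added example: merge these resources into the question's Resources: section.
# TestLambda and TestLambdaRole are hypothetical names, not from the original page.
Resources:
  TestSecurityGroupIngress:
    Type: "AWS::EC2::SecurityGroupIngress"
    Properties:
      GroupId: !Ref TestSecurityGroup
      IpProtocol: "tcp"
      FromPort: 5432   # assumption: only the PostgreSQL port is needed, not 0-65535
      ToPort: 5432
      # The source is the group itself: any network interface attached to
      # TestSecurityGroup may connect, whatever its IP address.
      SourceSecurityGroupId: !Ref TestSecurityGroup
  TestLambdaRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service: "lambda.amazonaws.com"
            Action: "sts:AssumeRole"
      ManagedPolicyArns:
        # Lets the function create its network interfaces inside the VPC.
        - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
  TestLambda:
    Type: "AWS::Lambda::Function"
    Properties:
      Runtime: "python3.12"
      Handler: "index.handler"
      Role: !GetAtt TestLambdaRole.Arn
      Code:
        ZipFile: |
          def handler(event, context):
              return "ok"  # placeholder body; the database client code goes here
      VpcConfig:
        # Attaching the function to the database's security group and subnets
        # makes it a member that the self-referencing rule covers.
        SecurityGroupIds:
          - !Ref TestSecurityGroup
        SubnetIds:
          - !Ref TestSubnetA
          - !Ref TestSubnetB
          - !Ref TestSubnetC
```

The question's template still carries its own 10.0.0.0/16 ingress rule on all TCP ports; the narrower rule above only restricts access once that broader rule is removed.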