Trying to setup lambda to access my RDS server on AWS but getting timeouts

I know AWS now allows this, and there are instructions for setting it up manually. However, I'm trying to set it up in CloudFormation and am running into difficulties. Currently, when I try to access my RDS server, I get a connect ETIMEDOUT error.

My VPC, subnets and security group are set up as follows:

"VPC": {
  "Type": "AWS::EC2::VPC",
  "Properties": {
    "CidrBlock": "10.0.0.0/16",
    "EnableDnsSupport": "false",
    "EnableDnsHostnames": "false",
    "InstanceTenancy": "default",
    "Tags" : [{ "Key": "Name", "Value": { "Ref": "DomainName" } }]
  }
},

"SubnetA": {
  "Type": "AWS::EC2::Subnet",
  "Properties": {
    "VpcId": { "Ref": "VPC" },
    "CidrBlock": "10.0.0.0/24",
    "AvailabilityZone": { "Fn::Select": [ "0", { "Fn::GetAZs": { "Ref": "AWS::Region" } }]},
    "Tags" : [{ "Key": "Name", "Value": { "Ref": "DomainName" } }]
  }
},

"SubnetB": {
  "Type": "AWS::EC2::Subnet",
  "Properties": {
    "VpcId": { "Ref": "VPC" },
    "CidrBlock": "10.0.1.0/24",
    "AvailabilityZone": { "Fn::Select": [ "1", { "Fn::GetAZs": { "Ref": "AWS::Region" } }]},
    "Tags" : [{ "Key": "Name", "Value": { "Ref": "DomainName" } }]
  }
},

"SubnetGroup": {
  "Type": "AWS::RDS::DBSubnetGroup",
  "Properties": {
    "DBSubnetGroupDescription": "Database Access",
    "SubnetIds" : [{ "Ref": "SubnetA" }, { "Ref": "SubnetB" }],
    "Tags" : [{ "Key": "Name", "Value": { "Ref": "DomainName" } }]
  }
},

"SecurityGroup": {
  "Type": "AWS::EC2::SecurityGroup",
  "Properties": {
    "GroupDescription": "Database Access",
    "VpcId": {"Ref": "VPC"},
    "SecurityGroupIngress" : [{
      "IpProtocol": "tcp",
      "FromPort": "3306",
      "ToPort": "3306",
      "CidrIp": "10.0.0.0/16"
    }],
    "Tags" : [{ "Key": "Name", "Value": { "Ref": "DomainName" } }]
  }
},

I'm not actually using SubnetB, but for AWS::RDS::DBSubnetGroup to work you need subnets in at least two availability zones.

My RDS database is set up with the VPC and the security group.

"Database": {
  "Type": "AWS::RDS::DBInstance",
  "Properties": {
    "DBName": { "Fn::Join": ["", { "Fn::Split": [".", { "Ref": "DomainName" }]}]},
    "AllocatedStorage": "5",
    "DBInstanceClass": "db.t2.micro",
    "Engine": "MySQL",
    "EngineVersion": "5.5",
    "MasterUsername": { "Ref": "DBUsername" },
    "MasterUserPassword": { "Ref": "DBPassword" },
    "DBSubnetGroupName": { "Ref": "SubnetGroup" },
    "VPCSecurityGroups" : [{ "Fn::GetAtt": [ "SecurityGroup", "GroupId" ] }],
    "Tags" : [{ "Key": "Name", "Value": { "Ref": "DomainName" } }]
  },
  "DeletionPolicy": "Snapshot"
},

So I think the database side is correctly inside the VPC and able to communicate with both subnets.

My lambda is set up in the security group and in SubnetA.

"LambdaFunctionUpdate": {
  "Type": "AWS::Lambda::Function",
  "Properties": {
    "Code": {
      "ZipFile": "exports.handler = function (event, context) { context.succeed(\"Hello, World!\"); };"
    },
    "Description": "Used to create and or sync database tables to the application models",
    "Handler": "index.handler",
    "MemorySize": 128,
    "Role": { "Fn::GetAtt": ["LambdaExecutionRole", "Arn" ] },
    "Runtime": "nodejs4.3",
    "Timeout": 30,
    "VpcConfig": {
      "SecurityGroupIds": [{ "Fn::GetAtt": ["SecurityGroup", "GroupId"] }],
      "SubnetIds": [{"Ref": "SubnetA"}]
    }
  }
},

At the end of everything, I output the database endpoint information.

"Outputs": {
  "DatabaseEndpoint": {
    "Value": { "Fn::Join" : [":", [{ "Fn::GetAtt": ["Database", "Endpoint.Address" ] }, { "Fn::GetAtt": ["Database", "Endpoint.Port" ] }]]},
    "Description": "Database endpoint"
  }
}

When I run my lambda and try to connect to the RDS server using the endpoint given above, I get a timeout error.

{
  "errorMessage": "connect ETIMEDOUT",
  "errorType": "SequelizeConnectionError",
  "stackTrace": [
    "Handshake._callback (/var/task/node_modules/sequelize/lib/dialects/mysql/connection-manager.js:95:20)",
    "Handshake.Sequence.end (/var/task/node_modules/mysql/lib/protocol/sequences/Sequence.js:86:24)",
    "Protocol.handleNetworkError (/var/task/node_modules/mysql/lib/protocol/Protocol.js:364:14)",
    "Connection._handleNetworkError (/var/task/node_modules/mysql/lib/Connection.js:428:18)",
    "Connection._handleConnectTimeout (/var/task/node_modules/mysql/lib/Connection.js:424:8)",
    "Socket.g (events.js:260:16)",
    "emitNone (events.js:67:13)",
    "Socket.emit (events.js:166:7)",
    "Socket._onTimeout (net.js:318:8)",
    "_runOnTimeout (timers.js:524:11)",
    "_makeTimerTimeout (timers.js:515:3)",
    "Timer.unrefTimeout (timers.js:584:5)"
  ]
}

The VPC configuration is not correct. The DNS service can't be turned off.

"VPC": {
  "Type": "AWS::EC2::VPC",
  "Properties": {
    "CidrBlock": "10.0.0.0/16",
    "EnableDnsSupport": "true",
    "EnableDnsHostnames": "true",
    "InstanceTenancy": "default",
    "Tags" : [{ "Key": "Name", "Value": { "Ref": "DomainName" } }]
  }
},
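The fix above turns the VPC resolver back on; with EnableDnsSupport false the Lambda has no way to resolve the RDS endpoint name, whatever the security group says. The checks below are an added example (not part of the answer or of CloudFormation itself) that run over a template object and catch that setting together with the two security-group mistakes that produce the same timeout: no ingress on the database port from the function's subnets or security group, and the opposite over-correction of opening the port to 0.0.0.0/0. The sample template is constructed from the question's resources (logical ids VPC, SubnetA, SecurityGroup, Database, LambdaFunctionUpdate); the check only requires EnableDnsSupport, which is the property that controls the Amazon-provided resolver, although the answer also sets EnableDnsHostnames.

```javascript
'use strict';
// Added example: lint a CloudFormation template for the Lambda-to-RDS
// misconfigurations discussed in the question. Constructed sample input below.
const template = {
  Resources: {
    VPC: { Type: 'AWS::EC2::VPC', Properties: { CidrBlock: '10.0.0.0/16', EnableDnsSupport: 'false', EnableDnsHostnames: 'false' } },
    SubnetA: { Type: 'AWS::EC2::Subnet', Properties: { VpcId: { Ref: 'VPC' }, CidrBlock: '10.0.0.0/24' } },
    SubnetB: { Type: 'AWS::EC2::Subnet', Properties: { VpcId: { Ref: 'VPC' }, CidrBlock: '10.0.1.0/24' } },
    SecurityGroup: { Type: 'AWS::EC2::SecurityGroup', Properties: { VpcId: { Ref: 'VPC' },
      SecurityGroupIngress: [{ IpProtocol: 'tcp', FromPort: '3306', ToPort: '3306', CidrIp: '10.0.0.0/16' }] } },
    Database: { Type: 'AWS::RDS::DBInstance', Properties: { Engine: 'MySQL',
      VPCSecurityGroups: [{ 'Fn::GetAtt': ['SecurityGroup', 'GroupId'] }] } },
    LambdaFunctionUpdate: { Type: 'AWS::Lambda::Function', Properties: { VpcConfig: {
      SecurityGroupIds: [{ 'Fn::GetAtt': ['SecurityGroup', 'GroupId'] }], SubnetIds: [{ Ref: 'SubnetA' }] } } },
  },
};

// Resolve a Ref / Fn::GetAtt / literal to the logical resource id it names.
function logicalId(v) {
  if (typeof v === 'string') return v;
  if (v && v.Ref) return v.Ref;
  if (v && v['Fn::GetAtt']) return v['Fn::GetAtt'][0];
  return null;
}

// IPv4 helpers: does CIDR `outer` contain every address of CIDR `inner`?
function ipToInt(ip) {
  return ip.split('.').reduce((n, o) => (n * 256) + Number(o), 0);
}
function cidrContains(outer, inner) {
  const [oIp, oBits] = outer.split('/');
  const [iIp, iBits] = inner.split('/');
  const ob = Number(oBits), ib = Number(iBits);
  if (ib < ob) return false; // inner is wider than outer
  const mask = ob === 0 ? 0 : (0xffffffff << (32 - ob)) >>> 0;
  return ((ipToInt(oIp) & mask) >>> 0) === ((ipToInt(iIp) & mask) >>> 0);
}

function ruleCoversPort(rule, port) {
  if (rule.IpProtocol === '-1') return true;
  if (rule.IpProtocol !== 'tcp') return false;
  return Number(rule.FromPort) <= port && port <= Number(rule.ToPort);
}

const DEFAULT_PORTS = { mysql: 3306, mariadb: 3306, postgres: 5432 };

// Returns a list of human-readable findings; empty means nothing was flagged.
function lintLambdaToRds(tpl) {
  const res = tpl.Resources;
  const findings = [];
  const byType = (t) => Object.entries(res).filter(([, r]) => r.Type === t);
  const subnetCidr = (sid) => (res[sid] && res[sid].Properties.CidrBlock) || null;

  // 1. The VPC resolver must be on, or the RDS endpoint name never resolves.
  for (const [id, vpc] of byType('AWS::EC2::VPC')) {
    if (String((vpc.Properties || {}).EnableDnsSupport) === 'false') {
      findings.push(`${id}: EnableDnsSupport is false, so the RDS endpoint cannot be resolved from inside the VPC`);
    }
  }

  // 2. Each VPC-attached function must be allowed through every DB security group,
  //    either by its own security group or by a CIDR covering all of its subnets.
  const dbs = byType('AWS::RDS::DBInstance');
  for (const [fnId, fn] of byType('AWS::Lambda::Function')) {
    const vc = (fn.Properties || {}).VpcConfig;
    if (!vc) continue;
    const fnSgs = (vc.SecurityGroupIds || []).map(logicalId);
    const fnCidrs = (vc.SubnetIds || []).map(logicalId).map(subnetCidr);
    for (const [dbId, db] of dbs) {
      const port = Number(db.Properties.Port || DEFAULT_PORTS[String(db.Properties.Engine).toLowerCase()]);
      for (const sgId of (db.Properties.VPCSecurityGroups || []).map(logicalId)) {
        const rules = ((res[sgId] || {}).Properties || {}).SecurityGroupIngress || [];
        const onPort = rules.filter((r) => ruleCoversPort(r, port));
        const allowed = onPort.some((r) =>
          (r.SourceSecurityGroupId && fnSgs.includes(logicalId(r.SourceSecurityGroupId))) ||
          (r.CidrIp && fnCidrs.every((c) => c && cidrContains(r.CidrIp, c))));
        if (!allowed) findings.push(`${sgId}: no ingress on tcp/${port} from ${fnId}'s security group or subnets; connections to ${dbId} will time out`);
        // 3. Opening the DB port to the world also "fixes" the timeout; flag it.
        for (const r of onPort) {
          if (r.CidrIp === '0.0.0.0/0') findings.push(`${sgId}: tcp/${port} open to 0.0.0.0/0; restrict it to the function's security group`);
        }
      }
    }
  }
  return findings;
}

module.exports = { template, lintLambdaToRds, cidrContains };
```

On the question's template the only finding is the EnableDnsSupport one, which matches the answer; the CIDR rule 10.0.0.0/16 already covers SubnetA. A tighter layout than the question's shared security group is a separate group for the function and an ingress rule on the database group with SourceSecurityGroupId pointing at it, which the check accepts and which does not rely on VPC-wide CIDR access.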