Adding AWS Lambda with VPC configuration causes timeout when accessing S3

I am trying to access S3 and resources in my VPC from AWS Lambda, but because I configured the Lambda function to access the VPC, it times out when accessing S3. Here is the code:

from __future__ import print_function

import boto3
import json
import logging
import urllib  # Python 2.7 runtime: urllib.unquote_plus / .decode('utf8') below are Python 2 APIs

print('Loading function')

# Created once per container, outside the handler, so it is reused across invocations
s3 = boto3.resource('s3')

def lambda_handler(event, context):
    logging.getLogger().setLevel(logging.INFO)
    # Get the object from the event and show its content type
    bucket = event['Records'][0]['s3']['bucket']['name']
    key = urllib.unquote_plus(event['Records'][0]['s3']['object']['key']).decode('utf8')
    print('Processing object {} from bucket {}. '.format(key, bucket))
    try:
        response = s3.Object(bucket, key)
        content = json.loads(response.get()['Body'].read())
        # with table.batch_writer() as batch:
        for c in content:
            print('     Processing Item : ID' + str(c['id']))
            # ##################
            # Do custom processing here using VPC resources
            # ##################
    except Exception as e:
        print('Error while processing object {} from bucket {}. '.format(key, bucket))
        print(e)
        raise e

I have set up my subnets and security groups with appropriate outbound rules to access the Internet, as shown below, but my Lambda simply times out when accessing S3.

Here is also a sample of the test input:

# Test Event Configuration
{
  "Records": [
    {
      "awsRegion": "us-east-1",
      "eventName": "ObjectCreated:Put",
      "eventSource": "aws:s3",
      "eventTime": "2016-02-11T19:11:46.058Z",
      "eventVersion": "2.0",
      "requestParameters": {
        "sourceIPAddress": "54.88.229.196"
      },
      "responseElements": {
        "x-amz-id-2": "ljEg+Y/InHDO8xA9c+iz6DTKKenmTaGE9UzHOAabarRmpDF1z0eUJBdpGi37Z2BU9nbTh4p7oZg=",
        "x-amz-request-id": "3D98A2325EC127C6"
      },
      "s3": {
        "bucket": {
          "arn": "arn:aws:s3:::social-gauge-data",
          "name": "social-gauge-data",
          "ownerIdentity": {
            "principalId": "A1NCXDU7DLYS07"
          }
        },
        "configurationId": "b5540417-a0ac-4ed0-9619-8f27ba949694",
        "object": {
          "eTag": "9c5116c70e8b3628380299e39e0e9d33",
          "key": "posts/test/testdata",
          "sequencer": "0056BCDCF1F544BD71",
          "size": 72120
        },
        "s3SchemaVersion": "1.0"
      },
      "userIdentity": {
        "principalId": "AWS:AROAIUFL6WAMNRLUBLL3K:AWSFirehoseDelivery"
      }
    }
  ]
}

Once you enable VPC support in Lambda, your function no longer has access to anything outside your VPC, including S3. Specifically for S3, you can use VPC Endpoints to solve this. For almost everything else outside the VPC, you need to create a NAT instance or a managed NAT Gateway in your VPC to route traffic from your Lambda function to endpoints outside the VPC.

I would read the Lambda VPC support announcement, paying particular attention to the "Things to Know" section at the end.
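To check which of the two fixes from the answer a subnet actually has, the following added example (not code from the question or the answer) classifies the S3 egress path of each subnet in a Lambda's VPC configuration from route tables shaped like the output of ec2.describe_route_tables(). The prefix-list, route-table, gateway and subnet ids are constructed placeholders.

```python
"""Added example (not the question's or the answer's code): given route tables shaped like
ec2.describe_route_tables()["RouteTables"], classify how S3-bound traffic would leave each subnet
a Lambda function is attached to. Lambda ENIs have no public IP, so a default route to an internet
gateway alone leaves S3 unreachable; an S3 gateway endpoint route or a NAT default route is needed."""

S3_PREFIX_LIST = "pl-0123456789abcdef0"  # constructed stand-in for the com.amazonaws.<region>.s3 prefix list

def route_table_for_subnet(route_tables, subnet_id):
    """An explicitly associated table wins; otherwise the subnet uses the VPC's main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def s3_path(route_table, s3_prefix_list_id=S3_PREFIX_LIST):
    """Egress path for S3 traffic: 'vpc-endpoint', 'nat', 'igw-only' or 'none'."""
    default_via = None
    for route in (route_table or {}).get("Routes", []):
        if route.get("State", "active") != "active":
            continue  # blackhole routes (e.g. a deleted NAT gateway) carry no traffic
        if (route.get("DestinationPrefixListId") == s3_prefix_list_id
                and route.get("GatewayId", "").startswith("vpce-")):
            return "vpc-endpoint"  # gateway endpoint: S3 reachable without traversing the internet
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            if route.get("NatGatewayId") or route.get("InstanceId"):
                default_via = "nat"  # managed NAT gateway or NAT instance
            elif route.get("GatewayId", "").startswith("igw-"):
                default_via = "igw-only"  # fine for EC2 with public IPs, times out from Lambda
    return default_via or "none"

def diagnose(route_tables, lambda_subnet_ids):
    """Map each subnet in the Lambda's VPC config to its S3 egress classification."""
    return {sid: s3_path(route_table_for_subnet(route_tables, sid)) for sid in lambda_subnet_ids}

# Constructed sample: the main table only has an IGW default route; a private table has a NAT
# default route plus an S3 gateway endpoint route. All ids are made up.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main0001", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0a1b2c3d", "State": "active"}]},
    {"RouteTableId": "rtb-priv0002", "Associations": [{"SubnetId": "subnet-private1"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0f1e2d3c", "State": "active"},
                {"DestinationPrefixListId": S3_PREFIX_LIST, "GatewayId": "vpce-0d1c2b3a", "State": "active"}]},
]

if __name__ == "__main__":
    print(diagnose(ROUTE_TABLES, ["subnet-private1", "subnet-public1"]))
```

A subnet that comes back as "igw-only" or "none" is one where the Lambda's S3 call will hang until the function timeout, which matches the symptom in the question.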