"Client network socket disconnected before secure TLS connection was established" when hitting AWS SQS from Lambda

I have a CloudWatch Events Rule that periodically invokes an AWS Lambda. This Lambda attempts to pull a message from an AWS SQS queue using the receiveMessage SDK method. Then, if there is a message, it invokes an AWS Step Function. This process works when invoked locally. However, when CloudWatch triggers it, I get the error Client network socket disconnected before secure TLS connection was established. See the code below:

const AWS = require('aws-sdk')

module.exports.triggerStepFunction = () => {
  // SQS client pinned to the 2012-11-05 API version
  let sqs = new AWS.SQS({apiVersion: '2012-11-05'})

  let params = {
    QueueUrl: 'my_endpoint',
    AttributeNames: [
      'All'
    ],
    MessageAttributeNames: [
      'All'
    ],
    MaxNumberOfMessages: 1,
    ReceiveRequestAttemptId: Date.now().toString(),
    VisibilityTimeout: 10,
    WaitTimeSeconds: 6
  }
  sqs.receiveMessage(params, function(err, receiveMessageData) {
    if (err) {
      return err
    } else {
      return receiveMessageData
    }
  })
}

What is going on here, and how can I fix it?

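It looks like the solution is to create a new IAM role with the appropriate permissions and attach it to the lambda. I am using Serverless, so I added the following to my serverless.yml file and attached it to the lambda: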

resources:
  Resources:
    SQSLambdaRole: 
      Type: AWS::IAM::Role
      Properties: 
        AssumeRolePolicyDocument: 
          Version: '2012-10-17'
          Statement: 
          - Effect: Allow
            Principal: 
              Service: lambda.amazonaws.com
            Action: 
            - sts:AssumeRole
        Path: '/'
        Policies: 
        - PolicyName: logs
          PolicyDocument: 
            Statement: 
            - Effect: Allow
              Action: 
              - logs:CreateLogGroup
              - logs:CreateLogStream
              - logs:PutLogEvents
              Resource: arn:aws:logs:*:*:*
        - PolicyName: sqs
          PolicyDocument: 
            Statement: 
            - Effect: Allow
              Action: 
              - sqs:ReceiveMessage
              - sqs:SendMessage
              - sqs:DeleteMessage
              Resource: <MY_SQS_RESOURCE_ARN>
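
An added example, not part of the original answer: a small JavaScript check that evaluates the role's policy statements against the API calls the function makes, following IAM's order of explicit deny, then allow, then implicit deny. The account ID and the queue, state machine and log group ARNs are constructed placeholders; conditions, NotAction and resource-based policies are not modelled.

```javascript
// Added example: minimal evaluator for identity-policy statements
// (Effect, Action, Resource with '*' and '?' wildcards only).

// Turn an IAM pattern such as "arn:aws:logs:*:*:*" into an anchored RegExp.
function toRegex(pattern, caseInsensitive) {
  const escaped = pattern
    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*')
    .replace(/\?/g, '.');
  return new RegExp('^' + escaped + '$', caseInsensitive ? 'i' : '');
}

const asList = (v) => (Array.isArray(v) ? v : [v]);

// An explicit Deny wins, then any Allow, otherwise the request is implicitly denied.
function evaluate(statements, action, resource) {
  let decision = 'ImplicitDeny';
  for (const s of statements) {
    const hit =
      asList(s.Action).some((a) => toRegex(a, true).test(action)) &&
      asList(s.Resource).some((r) => toRegex(r, false).test(resource));
    if (!hit) continue;
    if (s.Effect === 'Deny') return 'ExplicitDeny';
    decision = 'Allow';
  }
  return decision;
}

// Statements mirror the role above; every ARN below is a constructed placeholder.
const QUEUE_ARN = 'arn:aws:sqs:us-east-1:111122223333:example-queue';
const roleStatements = [
  { Effect: 'Allow', Resource: 'arn:aws:logs:*:*:*',
    Action: ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'] },
  { Effect: 'Allow', Resource: QUEUE_ARN,
    Action: ['sqs:ReceiveMessage', 'sqs:SendMessage', 'sqs:DeleteMessage'] },
];

// Requests to check: the calls the question describes, plus a queue the role does not name.
const calls = [
  ['sqs:ReceiveMessage', QUEUE_ARN],
  ['sqs:ReceiveMessage', 'arn:aws:sqs:us-east-1:111122223333:other-queue'],
  ['states:StartExecution', 'arn:aws:states:us-east-1:111122223333:stateMachine:example'],
  ['logs:PutLogEvents', 'arn:aws:logs:us-east-1:111122223333:log-group:/aws/lambda/example:*'],
];

function report() {
  return calls.map(([action, resource]) =>
    ({ action, resource, decision: evaluate(roleStatements, action, resource) }));
}

for (const r of report()) console.log(r.decision.padEnd(12), r.action, r.resource);
```

With only the statements shown, the receive on the named queue evaluates to Allow, while a different queue or a `states:StartExecution` call falls through to an implicit deny.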