如何解决AWS Lambda + VPC弹性IP超时
我正在尝试为多个lambda分配一个静态ip,以便当lambda调用特定服务时,我可以将该IP列入白名单。
我能够使它正常工作,但据我所知,它将随机开始花费将近2分钟的时间返回500ms之前的位置,或者只是一起开始超时。
以下是我用来设置此VPC的cloudformation,在此cloudformation中,我设置了以下内容:
- 公共子网
- 私有子网
- NAT网关
- 弹性IP
- 2条路线(公共/私人)
- Internet网关
{
"AWSTemplateFormatVersion": "2010-09-09","Description": "AWS CloudFormation for VPC","Parameters": {
"env": {
"Type": "String"
}
},"Resources": {
"VPCStaticIP": {
"Type": "AWS::EC2::VPC","Properties": {
"CidrBlock": "11.0.0.0/16","Tags": [
{
"Key": "Name","Value": {
"Fn::Join": [
"",["lambavpc","-",{ "Ref": "env" }]
]
}
}
]
}
},"SubnetPublic": {
"Type": "AWS::EC2::Subnet","Properties": {
"CidrBlock": "11.0.0.0/24",[
"lambavpc",{ "Ref": "env" },"public-subnet"
]
]
}
}
],"VpcId": {
"Ref": "VPCStaticIP"
}
}
},"SubnetPrivate": {
"Type": "AWS::EC2::Subnet","Properties": {
"CidrBlock": "11.0.1.0/24","private-subnet"
]
]
}
}
],"InternetGateway": {
"Type": "AWS::EC2::InternetGateway","Properties": {
"Tags": [
{
"Key": "Name","igw"]
]
}
}
]
}
},"VPCGatewayAttachment": {
"Type": "AWS::EC2::VPCGatewayAttachment","Properties": {
"InternetGatewayId": {
"Ref": "InternetGateway"
},"RouteTablePublic": {
"Type": "AWS::EC2::RouteTable","Properties": {
"VpcId": {
"Ref": "VPCStaticIP"
},"public-route"
]
]
}
}
]
}
},"RoutePublic": {
"Type": "AWS::EC2::Route","Properties": {
"DestinationCidrBlock": "0.0.0.0/0","GatewayId": {
"Ref": "InternetGateway"
},"RouteTableId": {
"Ref": "RouteTablePublic"
}
}
},"SubnetRouteTableAssociationPublic": {
"Type": "AWS::EC2::SubnetRouteTableAssociation","Properties": {
"RouteTableId": {
"Ref": "RouteTablePublic"
},"SubnetId": {
"Ref": "SubnetPublic"
}
}
},"EIP": {
"Type": "AWS::EC2::EIP","Properties": {
"Domain": "vpc","eip"]
]
}
}
]
}
},"NatGateway": {
"Type": "AWS::EC2::NatGateway","Properties": {
"AllocationId": {
"Fn::GetAtt": ["EIP","AllocationId"]
},"RouteTablePrivate": {
"Type": "AWS::EC2::RouteTable","private-route"
]
]
}
}
]
}
},"RoutePrivate": {
"Type": "AWS::EC2::Route","NatGatewayId": {
"Ref": "NatGateway"
},"RouteTableId": {
"Ref": "RouteTablePrivate"
}
}
},"SubnetRouteTableMainAssociationPrivate": {
"Type": "AWS::EC2::SubnetRouteTableAssociation","Properties": {
"RouteTableId": {
"Ref": "RouteTablePrivate"
},"SubnetId": {
"Ref": "SubnetPrivate"
}
}
}
},"Outputs": {}
}
我已经做了很多研究,并找到了以下参考文献:
- https://gist.github.com/reggi/dc5f2620b7b4f515e68e46255ac042a7
- AWS Lambda: How to set up a NAT gateway for a lambda function with VPC access
但是我似乎无法推断我正在做的事情和他们所建议的事情之间的差异。
任何建议将不胜感激!
解决方法
EIP超时可能是因为您的AWS::EC2::VPCGatewayAttachment上没有 DependsOn attribute。在您的情况下,必需:
如果您定义弹性IP地址并将其与同一模板中定义的VPC关联,则必须使用此资源上的DependsOn属性声明对VPC网关附件的依赖性
因此,您可以尝试以下添加依赖项的操作:
"EIP": {
"Type": "AWS::EC2::EIP","DependsOn" : "VPCGatewayAttachment","Properties": {
"Domain": "vpc","Tags": [
{
"Key": "Name","Value": {
"Fn::Join": [
"",["lambavpc","-",{ "Ref": "env" },"eip"]
]
}
}
]
}
}
此外,如果可能的话,我会考虑将10.0.0.0/16的{{3}}用于您的VPC和子网,而不是11.0.0.0/16。范围是private IP range,供AWS使用:
创建VPC时,我们建议,您从RFC 1918中指定的私有IPv4地址范围中指定CIDR块(/ 16或更小):
- 10.0.0.0-10.255.255.255(前缀10/8)
- 172.16.0.0-172.31.255.255(172.16 / 12前缀)
- 192.168.0.0-192.168.255.255(192.168 / 16前缀)
您没有显示如何创建Lambda函数,它是在CloudFormation之外创建的吗?听起来您已经将Lambda函数配置为同时使用两个VPC子网,并且当它在公共子网中运行时,它会超时。您需要将Lambda功能配置为仅将私有子网与到NAT网关的路由一起使用。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。