AWS Lambda函数无法连接到互联网
问题描述:
我正在运行一个lambda函数,我想同时访问私有数据库服务器和Internet.我可以正常访问数据库,但无法访问互联网.
I am running a lambda function that I would like to access both a private database server and the internet. I can reach the database just fine, but I am not able to reach the internet.
设置:
VPC (10.0.0.0/16)
Public-Subnet (10.0.0.0/24)
NAT-Security-Group (see security groups below)
NAT-Server (AMI NAT instance)
Private-Subnet-1 (10.0.1.0/24) & Private-Subnet-2 (10.0.2.0/24)
DB-Security-Group (see security groups below)
DB-Server (RDS PostgreSQL instance)
Lambda-Security-Group (see security groups below)
Lambda-Function
安全组为:
NAT-Security-Group
Inbound:
HTTP & HTTPS from source: Lambda-Security-Group
SSH from 0.0.0.0/0
Outbound:
All traffic
DB-Security-Group
Inbound:
PostgreSQL from source: Lambda-Security-Group
Outbound:
All traffic
Lambda-Security-Group
Inbound:
HTTP & HTTPS from source: NAT-Security-Group
Outbound:
All traffic
子网的路由表为:
Public-Subnet:
10.0.0.0/16 local
0.0.0.0/0 Internet-Gateway
Private-Subnet-1 & Private-Subnet-2
10.0.0.0/16 local
0.0.0.0/0 NAT-Server
我在这里不知所措.为什么lambda函数无法连接到互联网(连接超时错误)?
I'm at a loss here. Why can't the lambda function reach the internet (connection timeout errors)?
答
问题在于安全组的入站/出站规则.通过上面的配置,我更新了安全组以匹配:
The issue was with the inbound/outbound rules for the security groups. With the configuration above, I updated the security groups to match:
NAT-Security-Group
Inbound:
HTTP & HTTPS from source: Lambda-Security-Group
SSH from source: 0.0.0.0/0
Outbound:
HTTP & HTTPS to destination: 0.0.0.0/0
DB-Security-Group
Inbound:
PostgreSQL from source: Lambda-Security-Group
Outbound:
None
Lambda-Security-Group
Inbound:
None
Outbound:
HTTP & HTTP to destination: NAT-Security-Group
PostgreSQL to source: DB-Security-Group
Lambda函数现在具有Internet连接.
The Lambda function now has internet connectivity.