AWS Lambda:无法通过具有VPC访问权限的Lambda函数访问SQS队列

Problem description:

I have a Lambda function that needs to read messages from an SQS queue using its URL. Then it needs to insert that data into Cassandra running on a server inside a VPC.

I am able to access the Cassandra server from my Lambda function, using its private IP and configuring the security groups correctly.

However, I am not able to read messages from the SQS Queue. When I change the configuration of Lambda function to No VPC, then I am able to read the messages from the SQS Queue. However, with VPC settings, it just times out.

How can I overcome this? I have checked that the security group of my Lambda function has full outbound access to all IP addresses.

Some services (e.g. S3) are offering VPC endpoints to solve this particular problem but SQS is not one of them. I think the only real solution to this problem is to run a NAT inside your VPC so the network traffic from the Lambda function can be routed to the outside world.
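As an added example (not code from the question or the answer above), here is a small Python check for the routing condition the answer describes. A Lambda function attached to a VPC gets an elastic network interface with no public IP, so a subnet whose default route points at an internet gateway does not give it Internet access; only a default route via a NAT gateway or NAT instance does. The route-table data below is constructed to mimic the shape returned by boto3's `ec2.describe_route_tables()["RouteTables"]`, and all IDs (`rtb-…`, `subnet-…`, `nat-…`, `igw-…`) are made up; replace `ROUTE_TABLES` with the real API response to run it against an account.

```python
"""Classify the Internet egress path of the subnets a VPC-attached Lambda uses.

Constructed example data: the dicts below imitate boto3
ec2.describe_route_tables()["RouteTables"]; every ID is fictitious.
"""

ROUTE_TABLES = [
    {   # VPC main route table: only the local route, so no Internet egress
        "RouteTableId": "rtb-main0000",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
    {   # "public" subnet: default route via an internet gateway
        "RouteTableId": "rtb-public01",
        "Associations": [{"Main": False, "SubnetId": "subnet-public1"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"},
        ],
    },
    {   # private subnet: default route via a NAT gateway (the fix the answer proposes)
        "RouteTableId": "rtb-private1",
        "Associations": [{"Main": False, "SubnetId": "subnet-private1"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def"},
        ],
    },
]


def route_table_for_subnet(route_tables, subnet_id):
    """Return the table that applies to subnet_id: its explicit association,
    or the VPC main table when the subnet has none."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    if main is None:
        raise ValueError("input contains no main route table")
    return main


def default_route(rt):
    """Return the active 0.0.0.0/0 route of a table, or None."""
    for route in rt.get("Routes", []):
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and route.get("State", "active") == "active"):
            return route
    return None


def classify_egress(route_tables, subnet_id):
    """Classify the subnet's default route as 'nat', 'igw', 'none' or 'other'."""
    route = default_route(route_table_for_subnet(route_tables, subnet_id))
    if route is None:
        return "none"
    # NAT gateway, or a NAT instance referenced by instance/ENI ID
    if route.get("NatGatewayId") or route.get("InstanceId") or route.get("NetworkInterfaceId"):
        return "nat"
    if str(route.get("GatewayId", "")).startswith("igw-"):
        return "igw"
    return "other"  # e.g. a virtual private gateway or transit gateway


def lambda_subnets_verdict(route_tables, subnet_ids):
    """Map each Lambda subnet to a verdict on whether SQS's public endpoint is reachable."""
    verdicts = {}
    for sid in subnet_ids:
        kind = classify_egress(route_tables, sid)
        if kind == "nat":
            verdicts[sid] = "ok: default route via NAT"
        elif kind == "igw":
            verdicts[sid] = ("fail: IGW route, but a Lambda ENI has no public IP, "
                             "so requests to SQS will time out")
        elif kind == "none":
            verdicts[sid] = "fail: no default route, so requests to SQS will time out"
        else:
            verdicts[sid] = "check: default route is not a NAT gateway or instance"
    return verdicts


if __name__ == "__main__":
    for sid, verdict in lambda_subnets_verdict(
            ROUTE_TABLES, ["subnet-private1", "subnet-public1", "subnet-orphan"]).items():
        print(f"{sid}: {verdict}")
```

Running it over the constructed tables reports the NAT-routed subnet as ok and the IGW-routed and unassociated subnets as failing, which matches the timeout symptom in the question. The check only looks at the Lambda side; the NAT gateway itself still has to sit in a subnet whose own default route goes to an internet gateway, and the Lambda's security group must allow outbound HTTPS (port 443) to the SQS endpoint.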