使用VPC配置添加AWS Lambda会导致访问S3时出现超时

时间:2016-02-16 03:38:25

标签: amazon-web-services amazon-s3 aws-lambda amazon-vpc

我正在尝试从AWS Lambda访问我的VPC上的S3和资源,但由于我将AWS Lambda配置为访问VPC,因此在访问S3时超时。 这是代码

from __future__ import print_function

import boto3
import logging
import json

print('Loading function')

s3 = boto3.resource('s3')

import urllib

def lambda_handler(event, context):
    logging.getLogger().setLevel(logging.INFO)
    # Get the object from the event and show its content type
    bucket = event['Records'][0]['s3']['bucket']['name']
    key = urllib.unquote_plus(event['Records'][0]['s3']['object']['key']).decode('utf8')
    print('Processing object {} from bucket {}. '.format(key, bucket))
    try:
        response = s3.Object(bucket, key)
        content = json.loads(response.get()['Body'].read())
        # with table.batch_writer() as batch:
        for c in content:
            print('     Processing Item : ID' + str(c['id']))
            # ##################
            # Do custom processing here using VPC resources
            # ##################
    except Exception as e:
        print('Error while processing object {} from bucket {}. '.format(key, bucket))
        print(e)
        raise e

我已经使用适当的出站规则设置我的子网和安全组来访问互联网,如下所示,但我的Lambda在访问S3时只是超时。

enter image description here

enter image description here

以下是测试输入的示例

# Test Event Configuration
{
  "Records": [
    {
      "awsRegion": "us-east-1",
      "eventName": "ObjectCreated:Put",
      "eventSource": "aws:s3",
      "eventTime": "2016-02-11T19:11:46.058Z",
      "eventVersion": "2.0",
      "requestParameters": {
        "sourceIPAddress": "54.88.229.196"
      },
      "responseElements": {
        "x-amz-id-2": "ljEg+Y/InHDO8xA9c+iz6DTKKenmTaGE9UzHOAabarRmpDF1z0eUJBdpGi37Z2BU9nbTh4p7oZg=",
        "x-amz-request-id": "3D98A2325EC127C6"
      },
      "s3": {
        "bucket": {
          "arn": "arn:aws:s3:::social-gauge-data",
          "name": "social-gauge-data",
          "ownerIdentity": {
            "principalId": "A1NCXDU7DLYS07"
          }
        },
        "configurationId": "b5540417-a0ac-4ed0-9619-8f27ba949694",
        "object": {
          "eTag": "9c5116c70e8b3628380299e39e0e9d33",
          "key": "posts/test/testdata",
          "sequencer": "0056BCDCF1F544BD71",
          "size": 72120
        },
        "s3SchemaVersion": "1.0"
      },
      "userIdentity": {
        "principalId": "AWS:AROAIUFL6WAMNRLUBLL3K:AWSFirehoseDelivery"
      }
    }
  ]
}

1 个答案:

答案 0 :(得分:43)

在Lambda中启用VPC支持后,您的功能将无法再访问VPC以外的任何内容,包括S3。特别是S3,您可以使用VPC Endpoints来解决此问题。对于VPC之外的其他任何内容,您需要在VPC中创建NAT实例或托管NAT网关,以便将来自Lambda函数的流量路由到VPC外部的端点。

我会阅读Lambda VPC support announcement,并特别注意"要知道的事情"最后一节。

相关问题
最新问题