想知道这里有人是否有一些见解。我无法弄清楚什么可能阻止我的lambda函数写入s3,它似乎是超时的。我已经赋予了lambda full s3访问权限的角色,但它不应该被要求,因为我在类路径上传递凭据。
当我从肥胖罐子里跑出来时,这在本地工作:
$ java -cp dronze-app-fat.jar com.dronze.aws.lambda.HelloAwsLambda
trying to write to bucket.
{"result":"SUCCEED"}
但是挂在lambda。
START RequestId: 1dbeabac-eff1-11e5-a1ca-611b19003683 Version: $LATEST
initializing s3Client.
trying to write to bucket.
END RequestId: 1dbeabac-eff1-11e5-a1ca-611b19003683
REPORT RequestId: 1dbeabac-eff1-11e5-a1ca-611b19003683 Duration: 15002.75 ms Billed Duration: 15000 ms Memory Size: 512 MB Max Memory Used: 107 MB
2016-03-22T05:44:45.228Z 1dbeabac-eff1-11e5-a1ca-611b19003683 Task timed out after 15.00 seconds
Mar 22, 2016 3:46:24 PM com.amazonaws.http.AmazonHttpClient executeHelper
INFO: Unable to execute HTTP request: connect timed out
java.net.SocketTimeoutException: connect timed out
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
lambda方法只写一个s3 json文档:
private void saveToS3(String jsonDocument, String bucketName, String keyName, LambdaLogger logger) {
if(s3Client == null){
logger.log("initializing s3Client.");
ClientConfiguration config = new ClientConfiguration();
config.setConnectionTimeout(14000);
s3Client = new AmazonS3Client(
new ClasspathPropertiesFileCredentialsProvider(
"application-prod.properties"), config);
s3Client.setRegion(Region.getRegion(Regions.US_WEST_2));
}
try {
InputStream stream = new ByteArrayInputStream(
jsonDocument.getBytes(StandardCharsets.UTF_8));
String bucket = bucketName;
ObjectMetadata metadata = new ObjectMetadata();
metadata.setContentType("application/json");
metadata.setContentDisposition("attachment; filename=\"" + keyName);
metadata.setContentLength(jsonDocument.length());
PutObjectRequest put = new PutObjectRequest(bucket, keyName,
stream, metadata);
put.setStorageClass(StorageClass.ReducedRedundancy);
put.setMetadata(metadata);
logger.log("trying to write to bucket.");
s3Client.putObject(put);
} catch (AmazonServiceException ase) {
logger.log("Caught an AmazonServiceException, which "
+ "means your request made it "
+ "to Amazon S3, but was rejected with an error response"
+ " for some reason.");
logger.log("Error Message: " + ase.getMessage());
logger.log("HTTP Status Code: " + ase.getStatusCode());
logger.log("AWS Error Code: " + ase.getErrorCode());
logger.log("Error Type: " + ase.getErrorType());
logger.log("Request ID: " + ase.getRequestId());
} catch (AmazonClientException ace) {
logger.log("Caught an AmazonClientException, which "
+ "means the client encountered "
+ "an internal error while trying to "
+ "communicate with S3, "
+ "such as not being able to access the network.");
logger.log("Error Message: " + ace.getMessage());
}
}
这种行为似乎与lambda函数的作用有关,或者是一个能够连接到s3的安全组(我没有认为lambda有安全组)但是有些东西阻止了s3客户端的连接虽然角色允许它:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*"
},
{
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DetachNetworkInterface",
"ec2:DeleteNetworkInterface"
],
"Resource": "*"
},
{
"Effect":"Allow",
"Action":[
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource":"arn:aws:s3:::dronze.lambda.b283/*"
}
]
}
我已经将内存和超时提升到奇怪的级别,但仍然被阻止。这似乎是一个网络问题,而不是资源。非常感谢对解决方案的任何见解。