Lambda cannot connect to RDS in a VPC

Time: 2018-05-10 01:42:43

Tags: aws-lambda amazon-vpc

I have a VPC with RDS in a private subnet. I can connect to it from an EC2 box inside the subnet. However, my Lambdas cannot connect!

Could you look at the configuration below and spot my mistake?

Lambda config:

$ aws lambda get-function-configuration --function-name test
{
    "FunctionName": "test",
    "Role": "arn:aws:iam::xxxx:role/lambda_role",
    ...
    "VpcConfig": {
        "SubnetIds": [
            "subnet-00f3f0cb6957dbefa",
            "subnet-0d3d2cf4df53a862f"
        ],
        "SecurityGroupIds": [
            "sg-018da51b77f57eabf"
        ],
        "VpcId": "vpc-0704ca4d3f652fe9e"
    },
    ...
    "RevisionId": "e55b6fa2-998a-4b18-a620-69a218882b4e"
}

Execution role:

$ aws iam list-attached-role-policies --role-name lambda_role
{
    "AttachedPolicies": [
        {
            "PolicyName": "AWSLambdaVPCAccessExecutionRole",
            "PolicyArn": "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
        }
    ]
}

VPC:

$ aws ec2 describe-vpcs --vpc-ids vpc-0704ca4d3f652fe9e
{
    "Vpcs": [
        {
            "CidrBlock": "10.1.0.0/16",
            "DhcpOptionsId": "dopt-7764271f",
            "State": "available",
            "VpcId": "vpc-0704ca4d3f652fe9e",
            "InstanceTenancy": "default",
            "CidrBlockAssociationSet": [
                {
                    "AssociationId": "vpc-cidr-assoc-0c110a5fa85eb8883",
                    "CidrBlock": "10.1.0.0/16",
                    "CidrBlockState": {
                        "State": "associated"
                    }
                }
            ],
            "IsDefault": false,
            "Tags": []
        }
    ]
}

Security group:

$ aws ec2 describe-security-groups --group-ids sg-018da51b77f57eabf
{
    "SecurityGroups": [
        {
            "Description": "Security group for Lambdas",
            "GroupName": "lambda-sg",
            "IpPermissions": [],
            "OwnerId": "xxxxx",
            "GroupId": "sg-018da51b77f57eabf",
            "IpPermissionsEgress": [
                {
                    "FromPort": 0,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 65535,
                    "UserIdGroupPairs": []
                }
            ],
            "VpcId": "vpc-0704ca4d3f652fe9e"
        }
    ]
}

RDS security group (covering the public and private subnets):

$ aws ec2 describe-security-groups --group-ids sg-0fbf7205b5d5fa98c
{
    "SecurityGroups": [
        {
            "Description": "Security group for RDS instance",
            "GroupName": "rds-sg",
            "IpPermissions": [
                {
                    "FromPort": 3306,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.1.2.0/24"
                        },
                        {
                            "CidrIp": "10.1.1.0/24"
                        },
                        {
                            "CidrIp": "10.1.4.0/24"
                        },
                        {
                            "CidrIp": "10.1.3.0/24"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 3306,
                    "UserIdGroupPairs": []
                }
            ],
            "OwnerId": "xxxxxx",
            "GroupId": "sg-0fbf7205b5d5fa98c",
            "IpPermissionsEgress": [],
            "VpcId": "vpc-0704ca4d3f652fe9e"
        }
    ]
}

Link: AWS Lambda Function not joining VPC

1 answer:

Answer 0 (score: 0)

Try enabling ICMP on any security groups and any network ACLs. It may just be a PMTUD black-hole situation.
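A way to check the two security groups from the question offline, as an added example that is not part of the original post or answer: it evaluates the Lambda SG egress and the RDS SG ingress the way AWS does (CIDR match plus protocol/port range, "-1" meaning all traffic) for a MySQL connection, and also reports whether the RDS SG accepts ICMP type 3 (destination unreachable, which carries the PMTUD "fragmentation needed" message the answer refers to). The Lambda ENI address and RDS address are constructed, since the post does not give them.

```python
import ipaddress

# Security group rules copied from the question (only the fields the check needs).
LAMBDA_SG_EGRESS = [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
RDS_SG_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": c} for c in
                  ("10.1.2.0/24", "10.1.1.0/24", "10.1.4.0/24", "10.1.3.0/24")]},
]


def rule_permits(rule, peer_ip, proto, port_or_type):
    """True if one SG rule allows proto/port to or from peer_ip.

    AWS uses IpProtocol "-1" for all traffic (no FromPort/ToPort); for icmp,
    FromPort is the ICMP type and -1 means every type.
    """
    if rule["IpProtocol"] not in ("-1", proto):
        return False
    if rule["IpProtocol"] == "icmp":
        if rule.get("FromPort", -1) not in (-1, port_or_type):
            return False
    elif rule["IpProtocol"] != "-1":
        if not rule.get("FromPort", 0) <= port_or_type <= rule.get("ToPort", 65535):
            return False
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(r["CidrIp"]) for r in rule["IpRanges"])


def permits(rules, peer_ip, proto, port_or_type):
    return any(rule_permits(r, peer_ip, proto, port_or_type) for r in rules)


def check_lambda_to_rds(lambda_ip, rds_ip, egress=LAMBDA_SG_EGRESS, ingress=RDS_SG_INGRESS):
    """Evaluate both ends of the MySQL path. Security groups are stateful, so
    the reply direction needs no rule; the icmp entry shows whether ICMP type 3
    from the Lambda address would currently be dropped by the RDS SG."""
    return {
        "lambda_egress_3306": permits(egress, rds_ip, "tcp", 3306),
        "rds_ingress_3306": permits(ingress, lambda_ip, "tcp", 3306),
        "rds_ingress_icmp": permits(ingress, lambda_ip, "icmp", 3),
    }


if __name__ == "__main__":
    # Constructed addresses: a Lambda ENI in 10.1.3.0/24, the RDS endpoint in 10.1.2.0/24.
    print(check_lambda_to_rds("10.1.3.25", "10.1.2.40"))
```

If the Lambda subnets' CIDRs fall outside the four /24s listed in the RDS group, rds_ingress_3306 comes back False, which would be a simpler explanation than PMTUD.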