AWS Lambda Ruby in a VPC: Seahorse::Client::NetworkingError

Time: 2019-02-21 20:29:26

Tags: ruby amazon-web-services aws-lambda

After adding my Ruby Lambda function to a VPC and attaching the relevant SecurityGroups, I ran into problems with the SSM credentials that pull configuration information from the AWS SSM Parameter Store, and after a timeout I got this odd networking error.

This happens when trying to retrieve the SSM credentials via ssm.get_parameters_by_path, but the trace seems to occur on any other AWS call as well.

{
  "errorMessage": "execution expired",
  "errorType": "Function<Seahorse::Client::NetworkingError>",
  "stackTrace": [
    "/var/lang/lib/ruby/2.5.0/net/http.rb:937:in `initialize'",
    "/var/lang/lib/ruby/2.5.0/net/http.rb:937:in `open'",
    "/var/lang/lib/ruby/2.5.0/net/http.rb:937:in `block in connect'",
    "/var/lang/lib/ruby/2.5.0/timeout.rb:103:in `timeout'",
    "/var/lang/lib/ruby/2.5.0/net/http.rb:935:in `connect'",
    "/var/lang/lib/ruby/2.5.0/net/http.rb:920:in `do_start'",
    "/var/lang/lib/ruby/2.5.0/net/http.rb:915:in `start'",
    "/var/lang/lib/ruby/2.5.0/delegate.rb:83:in `method_missing'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/seahorse/client/net_http/connection_pool.rb:297:in `start_session'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/seahorse/client/net_http/connection_pool.rb:96:in `session_for'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/seahorse/client/net_http/handler.rb:121:in `session'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/seahorse/client/net_http/handler.rb:73:in `transmit'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/seahorse/client/net_http/handler.rb:47:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/seahorse/client/plugins/content_length.rb:12:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/json/error_handler.rb:8:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/signature_v4.rb:66:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/helpful_socket_errors.rb:10:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/retry_errors.rb:171:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/retry_errors.rb:202:in `retry_request'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/retry_errors.rb:185:in `retry_if_possible'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/retry_errors.rb:173:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/retry_errors.rb:202:in `retry_request'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/retry_errors.rb:185:in `retry_if_possible'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/retry_errors.rb:173:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/retry_errors.rb:202:in `retry_request'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/retry_errors.rb:185:in `retry_if_possible'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/retry_errors.rb:173:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/json/handler.rb:11:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/user_agent.rb:13:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/endpoint_pattern.rb:28:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/endpoint_discovery.rb:78:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/seahorse/client/plugins/endpoint.rb:45:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/param_validator.rb:24:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/seahorse/client/plugins/raise_response_errors.rb:14:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/jsonvalue_converter.rb:20:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/idempotency_token.rb:17:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/param_converter.rb:24:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/aws-sdk-core/plugins/response_paging.rb:10:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/seahorse/client/plugins/response_target.rb:23:in `call'",
    "/var/runtime/gems/aws-sdk-core-3.40.0/lib/seahorse/client/request.rb:70:in `send_request'",
    "/var/runtime/gems/aws-sdk-ssm-1.34.0/lib/aws-sdk-ssm/client.rb:4495:in `get_parameters_by_path'",

If I remove the function from the VPC, everything runs fine. What is going wrong? (Note that I have added the VPC permissions to my Lambda role, as well as SSM access.)

My SSM client is initialized this way:

def ssm
  @ssm ||= Aws::SSM::Client.new
end

1 answer:

Answer 0: (score: 1)

EDIT: I misunderstood the OP's question, so I have edited accordingly, trying to explain why it might be failing.

When a Lambda needs to access other AWS services from inside a VPC, your function will need access to both the VPC and the Internet. This can be achieved by attaching both a public subnet and a private subnet. A public subnet is one that has an Internet Gateway attached and can therefore reach the public internet, whereas a private subnet is one that goes through a NAT Gateway and is only visible inside the AWS VPC.

Also, bear in mind that the Security Group must allow inbound TCP connections from 0.0.0.0/0 (or whitelist only the hosts you want to allow).

If you can, try to avoid putting Lambda functions inside a VPC, since it greatly increases cold starts (sometimes adding 10 seconds on top of the request, which will make most Lambda functions time out if they are not configured properly).

Hope this helps!

EDIT 2: I will walk through the process of creating a new VPC via the wizard with two subnets (a public and a private one), allowing inbound rules on the SG, and finally attaching the SNs and the SG to the Lambda function.

Please create an Elastic IP beforehand.

From the console, click VPC, then click "Launch VPC Wizard".

Select "VPC with Public and Private Subnets".

Keep the default configuration and add the Elastic IP you just created.

After the VPC is created, you should now have one public subnet and one private subnet.

By default, your SG will already accept all traffic.

Finally, go to the Lambda function and, under the VPC section, add the subnets and the security group.

Voilà, your Lambda should now be able to reach the Internet (or other AWS services).
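As an added example that is not part of the question or the answer above: a small pure-Ruby preflight a practitioner could drop into the handler before calling get_parameters_by_path. It does three things. First, it classifies the runtime's error record by where the stack trace failed: the `execution expired` raised inside `net/http.rb` `connect` (wrapped by the SDK as `Seahorse::Client::NetworkingError`) means the TCP handshake to the SSM endpoint never completed, i.e. the request never left the VPC, as opposed to an error that came back from AWS, which would point at IAM or parameters. Second, it probes outbound TCP/443 to the regional SSM endpoint with a short connect timeout, since outbound reachability is what the subnet's route (NAT gateway or interface VPC endpoint) and the security group's egress rules decide. Third, it builds client options that fail fast instead of spending the SDK defaults (15 s open timeout, then the three retries visible in the trace) on a path that does not exist. The module `VpcEgressCheck` and its function names are my own inventions; `http_open_timeout`, `http_read_timeout` and `retry_limit` are real aws-sdk-core v3 client options, and the block does not require the SDK itself, so it runs without the gem installed. The `ssm.<region>.amazonaws.com` hostname pattern is assumed to be the standard commercial-partition endpoint.

```ruby
require 'json'
require 'socket'

# VpcEgressCheck is a hypothetical helper written for this example; it is not
# part of the AWS SDK for Ruby or of the original post.
module VpcEgressCheck
  module_function

  # Regional SSM endpoint the SDK connects to (assumed standard commercial
  # partition hostname pattern).
  def ssm_endpoint(region)
    "ssm.#{region}.amazonaws.com"
  end

  # Classify a Lambda error record (the JSON the runtime reports, as a String
  # or an already-parsed Hash) by where the stack trace says it failed:
  #   :connect_timeout  TCP connect to the endpoint never completed; the request
  #                     never left the VPC (no NAT gateway / VPC endpoint on the
  #                     subnet's route, or security group egress blocked)
  #   :other_networking some other Seahorse::Client::NetworkingError
  #   :not_networking   the call reached AWS (e.g. AccessDenied), so look at IAM
  #                     or the request, not at the network path
  def classify(error_record)
    err    = error_record.is_a?(String) ? JSON.parse(error_record) : error_record
    type   = err['errorType'].to_s
    msg    = err['errorMessage'].to_s
    frames = Array(err['stackTrace'])
    return :not_networking unless type.include?('Seahorse::Client::NetworkingError')

    in_connect = frames.any? { |f| f.include?('net/http.rb') && f.include?("in `connect'") }
    msg == 'execution expired' && in_connect ? :connect_timeout : :other_networking
  end

  # Outbound TCP reachability probe with a hard connect timeout. A Lambda ENI
  # only ever opens connections outward, so an outbound probe is what tells you
  # whether the route table and the security group let traffic out.
  # Returns :reachable, :timeout, :refused or :unresolved.
  def tcp_reachable(host, port, timeout: 2.0)
    Socket.tcp(host, port, connect_timeout: timeout) { |sock| sock.close }
    :reachable
  rescue Errno::ETIMEDOUT
    :timeout
  rescue Errno::ECONNREFUSED
    :refused
  rescue SocketError
    :unresolved
  end

  # Options for Aws::SSM::Client.new that surface a missing egress path within
  # seconds instead of the SDK defaults (15 s open timeout, 3 retries), which
  # would otherwise consume most or all of a typical Lambda timeout.
  def fail_fast_client_options(region:, open_timeout: 3, read_timeout: 5)
    {
      region: region,
      http_open_timeout: open_timeout,
      http_read_timeout: read_timeout,
      retry_limit: 0
    }
  end

  # Preflight for a handler: probe the regional SSM endpoint and return a
  # report hash worth logging before the first get_parameters_by_path call.
  def preflight(region:, timeout: 2.0)
    host   = ssm_endpoint(region)
    status = tcp_reachable(host, 443, timeout: timeout)
    hint   = status == :reachable ? 'egress OK' :
             'no outbound path to SSM: check the subnet route (NAT gateway or VPC endpoint) and SG egress'
    { endpoint: host, tcp443: status, hint: hint }
  end
end

# Run directly (inside Lambda AWS_REGION is set by the runtime); the probe is
# skipped when no region is given so the file also loads offline.
region = ARGV[0] || ENV['AWS_REGION']
if $PROGRAM_NAME == __FILE__ && region
  puts JSON.pretty_generate(VpcEgressCheck.preflight(region: region))
  # ssm = Aws::SSM::Client.new(**VpcEgressCheck.fail_fast_client_options(region: region))
end
```

Usage: call `VpcEgressCheck.preflight(region: ENV['AWS_REGION'])` once at the top of the handler and log the result; a `:timeout` on TCP/443 with an otherwise correct IAM role is the signature of the failure in the question, and with `fail_fast_client_options` the SSM call itself will report it in a few seconds rather than after the function timeout.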