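I am trying to run a Lambda function that calls a Fargate service located in a private subnet.
The Lambda is triggered when I put a file into an S3 bucket.
I created a Network Load Balancer (AWS::ElasticLoadBalancingV2::LoadBalancer) that listens on port 80 and has the Fargate service as its target: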

    LoadBalancerLRS:
      Type: AWS::ElasticLoadBalancingV2::LoadBalancer
      Properties:
        Scheme: internal
        Subnets:
          - !ImportValue SubnetPrivate1
          - !ImportValue SubnetPrivate2
        Type: network
    LoadBalancerListener:
      Type: AWS::ElasticLoadBalancingV2::Listener
      Properties:
        DefaultActions:
          - TargetGroupArn: !Ref TargetGroupService
            Type: forward
        LoadBalancerArn: !Ref LoadBalancerLRS
        Port: 80
        Protocol: TCP

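I call the network load balancer and keep getting this error: Error: connect ECONNREFUSED 127.0.0.1:80
My VPC has the DNS options enabled, and I configured the DHCP options like this: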

    DHCPOptions:
      Type: AWS::EC2::DHCPOptions
      Properties:
        DomainName:
          Fn::If:
            - WEuropeRegionCondition
            - ec2.internal
            - Fn::Join:
                - ''
                - - !Ref AWS::Region
                  - ".compute.internal"
        DomainNameServers:
          - AmazonProvidedDNS
    VPCDHCPOptionsAssociation:
      Type: AWS::EC2::VPCDHCPOptionsAssociation
      Properties:
        VpcId: !Ref myVPC
        DhcpOptionsId: !Ref DHCPOptions

My Lambda execution role looks like this:

    LambdaExecutionRole:
      Type: 'AWS::IAM::Role'
      Properties:
        AssumeRolePolicyDocument:
          Version: 2012-10-17
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action:
                - 'sts:AssumeRole'
        Path: /
        ManagedPolicyArns:
          - 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
        Policies:
          - PolicyName: S3Policy
            PolicyDocument:
              Version: 2012-10-17
              Statement:
                - Effect: Allow
                  Action:
                    - 's3:PutObject'
                    - 'S3:DeleteObject'
                  Resource: !Sub 'arn:aws:s3:::*'
                - Effect: Allow
                  Action:
                    - "logs:CreateLogGroup"
                    - "logs:CreateLogStream"
                    - "logs:PutLogEvents"
                  Resource: !Sub 'arn:aws:logs:::*'
                - Effect: Allow
                  Action:
                    - "ec2:CreateNetworkInterface"
                    - "ec2:DescribeNetworkInterfaces"
                    - "ec2:DeleteNetworkInterface"
                    - "ec2:DescribeSecurityGroups"
                    - "ec2:DescribeSubnets"
                  Resource: !Sub '*'

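I am using the axios npm library to call the DNS name generated by the network load balancer.
The security group of the Lambda function and of Fargate is the same, and it is "all open".
The service is running and the health checks are fine.
So why can't I reach the network load balancer?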
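
Because the error names 127.0.0.1:80 rather than an address of the load balancer, the URL string passed to the HTTP client is worth checking before the network path. The following is an added example, not part of the original post: a pre-flight check in Node.js, where `NLB_URL`, the `/process` path and the sample DNS name are constructed assumptions.

```javascript
// Added example: classify the URL string before the Lambda hands it to an HTTP client.
// NLB_URL and SAMPLE_NLB are constructed placeholders, not values from the post.
const SAMPLE_NLB = 'lrs-nlb-0123456789abcdef.elb.eu-west-1.amazonaws.com';
const LOOPBACK = /^(localhost|127(\.\d{1,3}){3}|\[::1\])$/i;

const ADVICE = {
  empty: 'no URL configured; check the environment variable that carries it',
  'no-scheme': 'no http:// or https:// prefix, so the client is given no usable host',
  loopback: 'URL points at the function itself, not at the load balancer',
  ok: 'URL names a remote host',
};

function checkEndpoint(raw) {
  if (typeof raw !== 'string' || raw.trim() === '') return verdict('empty');
  let u;
  try {
    u = new URL(raw.trim()); // throws when the string has no scheme at all
  } catch (err) {
    return verdict('no-scheme');
  }
  // "host:80/path" parses, but with the host name taken as the scheme.
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return verdict('no-scheme');
  if (LOOPBACK.test(u.hostname)) return verdict('loopback');
  const port = u.port || (u.protocol === 'https:' ? '443' : '80');
  return { ...verdict('ok'), host: u.hostname, port };
}

function verdict(reason) {
  return { ok: reason === 'ok', reason, advice: ADVICE[reason] };
}

// Constructed inputs covering the cases above.
for (const raw of [
  `http://${SAMPLE_NLB}/process`,
  `${SAMPLE_NLB}/process`,
  `${SAMPLE_NLB}:80/process`,
  `${process.env.NLB_URL}/process`, // "undefined/process" when the variable is unset
  'http://127.0.0.1:80/process',
]) {
  const r = checkEndpoint(raw);
  console.log(`${r.ok ? 'OK  ' : 'FAIL'} ${raw} -> ${r.reason}: ${r.advice}`);
}
```

Node's `http.request` uses `localhost` as the host when none is supplied, which is why a URL without a usable host can surface as a refused connection on 127.0.0.1.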