I am using the Serverless Framework to try to get my Lambda function to push some records into an "always on" Aurora RDS instance. So far, when using the mysql npm package and trying to connect to the RDS instance, I have been running into connection timeouts.
Here is what I have checked / tried:
serverless.yml:
service: myrds

provider:
  name: aws
  runtime: nodejs10.x
  stage: ${opt:stage, 'dev'}
  region: ${opt:region, 'us-east-2'}
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "ec2:CreateNetworkInterface"
        - "ec2:DescribeNetworkInterfaces"
        - "ec2:DeleteNetworkInterface"
      Resource: "*"
    - Effect: "Allow"
      Action:
        - "sqs:SendMessage"
        - "sqs:GetQueueUrl"
        - "sqs:ListQueues"
      Resource:
        Fn::GetAtt:
          - RDSQueue
          - Arn
    - Effect: "Allow"
      Action:
        - "sqs:SendMessage"
        - "sqs:GetQueueUrl"
        - "sqs:ListQueues"
      Resource:
        Fn::GetAtt:
          - DeadLetterQueue
          - Arn

functions:
  consumer:
    handler: handler.consumer
    timeout: 20
    vpc:
      securityGroupIds:
        - sg-123456
      subnetIds:
        - subnet-11111
        - subnet-22222
        - subnet-33333
    events:
      - sqs:
          arn:
            Fn::GetAtt:
              - RDSQueue
              - Arn
    environment:
      NODE_ENV: ${opt:stage, 'dev'}

resources:
  Resources:
    RDSQueue:
      Type: 'AWS::SQS::Queue'
      Properties:
        QueueName: "RDSQueue-${opt:stage, 'dev'}"
        RedrivePolicy:
          deadLetterTargetArn:
            "Fn::GetAtt":
              - DeadLetterQueue
              - Arn
          maxReceiveCount: 3
    DeadLetterQueue:
      Type: 'AWS::SQS::Queue'
      Properties:
        QueueName: "DeadLetterQueue-${opt:stage, 'dev'}"
What am I missing here? When triggered from the SQS queue, the connection times out.
Answer 0 (score: 0)
The typical configuration when connecting to an Amazon RDS database from an AWS Lambda function is:
- A security group on the Lambda function (Lambda-SG) that allows all outbound access
- A security group on the RDS instance (RDS-SG) with an inbound rule that allows traffic on the appropriate port (e.g. 3306) from Lambda-SG. That is, RDS-SG specifically references Lambda-SG in its inbound rule.
If the Lambda function also needs to connect to the Internet, a NAT Gateway will be required in a public subnet of the VPC.
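The two-security-group pattern described in the answer, written as an added example in serverless.yml (this is not code from the question, the answer, or the Serverless Framework project). It declares Lambda-SG and RDS-SG as CloudFormation resources so the function's vpc block can reference Lambda-SG by logical ID instead of the hard-coded sg-123456, and RDS-SG admits port 3306 only from members of Lambda-SG rather than from a CIDR range. Assumptions, all placeholders not taken from the page: the VPC ID is supplied as a custom variable `vpcId`, the existing Aurora instance lives in that same VPC, the three subnets are private subnets of it, and `Ref` is accepted inside `vpc.securityGroupIds` (the framework passes it through to the function's CloudFormation VpcConfig).

```yaml
# Added example, not part of the original question or answer.
# Assumed placeholders: custom.vpcId, and that the listed subnets are
# private subnets of the same VPC that hosts the Aurora instance.
service: myrds

provider:
  name: aws
  runtime: nodejs10.x
  stage: ${opt:stage, 'dev'}
  region: ${opt:region, 'us-east-2'}

custom:
  vpcId: vpc-0123456789abcdef0   # assumed placeholder, replace with the real VPC

functions:
  consumer:
    handler: handler.consumer
    timeout: 20
    vpc:
      securityGroupIds:
        # Logical reference to Lambda-SG below instead of a hard-coded sg-id
        - Ref: LambdaSecurityGroup
      subnetIds:
        - subnet-11111
        - subnet-22222
        - subnet-33333

resources:
  Resources:
    # Lambda-SG: attached to the function's ENIs. It needs no inbound rules;
    # the default egress rule (allow all outbound) is what lets it reach RDS.
    LambdaSecurityGroup:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: Lambda-SG for the consumer function
        VpcId: ${self:custom.vpcId}

    # RDS-SG: to be attached to the Aurora instance. Its only ingress rule
    # allows MySQL (3306) from members of Lambda-SG, not from an IP range,
    # so nothing else in the VPC can reach the database on that port.
    RDSSecurityGroup:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: RDS-SG for the Aurora instance
        VpcId: ${self:custom.vpcId}
        SecurityGroupIngress:
          - IpProtocol: tcp
            FromPort: 3306
            ToPort: 3306
            SourceSecurityGroupId:
              Ref: LambdaSecurityGroup
```

Because the Aurora instance already exists outside this stack, RDS-SG has to be attached to it separately after deployment, for example with `aws rds modify-db-instance --db-instance-identifier <id> --vpc-security-group-ids <rds-sg-id>` (or `modify-db-cluster` for the cluster). Two checks worth doing when the symptom is a timeout rather than a refused connection: security groups silently drop packets they do not allow, so a timeout is the expected failure mode for a missing or wrong ingress rule, and `aws ec2 describe-security-groups --group-ids <rds-sg-id>` should show a 3306 rule whose `UserIdGroupPairs` entry names the Lambda security group. Also confirm the three subnets belong to the RDS instance's VPC; a function placed in a different VPC will time out the same way regardless of the security groups.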