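AWS Lambda function for Oracle password rotation

Time: 2020-05-14 14:30:02

Tags: aws-lambda aws-secrets-manager

Hi, I am using a Lambda function for Oracle password rotation, and every time a grant is provided I get the following error message: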

START RequestId: f515ffc3-56d4-4301-96a5-426ab14c68a2 Version: $LATEST
[INFO]  2020-05-14T13:54:14.9Z  f515ffc3-56d4-4301-96a5-426ab14c68a2    {'RequestType': 'Create', 'ServiceToken': 'arn:aws:lambda:eu-west-1:661211433270:function:oracle-rds-dbsetup-lambda', 'ResponseURL': 'https://cloudformation-custom-resource-response-euwest1.s3-eu-west-1.amazonaws.com/arn%3Aaws%3Acloudformation%3Aeu-west-1%3A661211433270%3Astack/oracle/24520dd0-95e8-11ea-b1d1-0609694b6370%7CRDSDBSetup%7Cff43fa14-be13-4a66-95e5-ee0b82a44993?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20200514T135412Z&X-Amz-SignedHeaders=host&X-Amz-Expires=7200&X-Amz-Credential=AKIAJ7MCS7PVEUOADEEA%2F20200514%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Signature=20bb8ba39f88fb14efb623b9047e89a628eb9c881c67b4d035995d9859918bb9', 'StackId': 'arn:aws:cloudformation:eu-west-1:661211433270:stack/oracle/24520dd0-95e8-11ea-b1d1-0609694b6370', 'RequestId': 'ff43fa14-be13-4a66-95e5-ee0b82a44993', 'LogicalResourceId': 'RDSDBSetup', 'ResourceType': 'Custom::DBSetup', 'ResourceProperties': {'ServiceToken': 'arn:aws:lambda:eu-west-1:661211433270:function:oracle-rds-dbsetup-lambda', 'MasterSecretArn': 'arn:aws:secretsmanager:eu-west-1:661211433270:secret:rds/app/master4-h4UyCN', 'AppUserGrants': ['CREATE SESSION', 'CONNECT', 'RESOURCE', 'DBA'], 'AppSecretArn': 'arn:aws:secretsmanager:eu-west-1:661211433270:secret:rds/app/application4-3XnzKs'}}
[INFO]  2020-05-14T13:54:14.50Z f515ffc3-56d4-4301-96a5-426ab14c68a2    Found credentials in environment variables.
[INFO]  2020-05-14T13:54:15.455Z    f515ffc3-56d4-4301-96a5-426ab14c68a2    User created: testappdbuser
[INFO]  2020-05-14T13:54:15.459Z    f515ffc3-56d4-4301-96a5-426ab14c68a2    Granted: CREATE SESSION
[INFO]  2020-05-14T13:54:15.470Z    f515ffc3-56d4-4301-96a5-426ab14c68a2    Granted: CONNECT
[INFO]  2020-05-14T13:54:15.475Z    f515ffc3-56d4-4301-96a5-426ab14c68a2    Granted: RESOURCE
[INFO]  2020-05-14T13:54:15.479Z    f515ffc3-56d4-4301-96a5-426ab14c68a2    Granted: DBA
[INFO]  2020-05-14T13:54:15.480Z    f515ffc3-56d4-4301-96a5-426ab14c68a2    Successfully created user testappdbuser in Oracle Server DB for secret arn arn:aws:secretsmanager:eu-west-1:661211433270:secret:rds/app/application4-3XnzKs.
https://cloudformation-custom-resource-response-euwest1.s3-eu-west-1.amazonaws.com/arn%3Aaws%3Acloudformation%3Aeu-west-1%3A661211433270%3Astack/oracle/24520dd0-95e8-11ea-b1d1-0609694b6370%7CRDSDBSetup%7Cff43fa14-be13-4a66-95e5-ee0b82a44993?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20200514T135412Z&X-Amz-SignedHeaders=host&X-Amz-Expires=7200&X-Amz-Credential=AKIAJ7MCS7PVEUOADEEA%2F20200514%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Signature=20bb8ba39f88fb14efb623b9047e89a628eb9c881c67b4d035995d9859918bb9
Response body:
{
    "Status": "SUCCESS",
    "Reason": "See the details in CloudWatch Log Stream: 2020/05/14/[$LATEST]c85275eb57604aebb929853d877306c7",
    "PhysicalResourceId": "2020/05/14/[$LATEST]c85275eb57604aebb929853d877306c7",
    "StackId": "arn:aws:cloudformation:eu-west-1:661211433270:stack/oracle/24520dd0-95e8-11ea-b1d1-0609694b6370",
    "RequestId": "ff43fa14-be13-4a66-95e5-ee0b82a44993",
    "LogicalResourceId": "RDSDBSetup",
    "NoEcho": false,
    "Data": {}
}
send(..) failed executing requests.put(..): HTTPSConnectionPool(host='cloudformation-custom-resource-response-euwest1.s3-eu-west-1.amazonaws.com', port=443): Max retries exceeded with url: /arn%3Aaws%3Acloudformation%3Aeu-west-1%3A661211433270%3Astack/oracle/24520dd0-95e8-11ea-b1d1-0609694b6370%7CRDSDBSetup%7Cff43fa14-be13-4a66-95e5-ee0b82a44993?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20200514T135412Z&X-Amz-SignedHeaders=host&X-Amz-Expires=7200&X-Amz-Credential=AKIAJ7MCS7PVEUOADEEA%2F20200514%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-**Signature=20bb8ba39f88fb14efb623b9047e89a628eb9c881c67b4d035995d9859918bb9 (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fec35bc8610>: Failed to establish a new connection: [Errno 110] Connection timed out'))**
END RequestId: f515ffc3-56d4-4301-96a5-426ab14c68a2

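1 answer:

Answer 0 (score: 0)

Is your Lambda running in a VPC without a NAT gateway? It seems to have no IP address, and therefore no outbound internet connectivity.

If you don't need access to VPC-private resources, try removing the Lambda from the VPC.

Otherwise, it looks like you also need to access RDS from inside the Lambda, so in that case you should add a NAT gateway to the VPC.

Some useful resources:

AWS Lambda: How to set up a NAT gateway for a Lambda function with VPC access https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/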
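One way to check the condition the answer describes, as an added example that is not part of the original question or answer: given the Lambda's subnet IDs and the VPC's route tables, report whether each subnet's default route leads to a NAT gateway. The function names, subnet IDs and route table IDs are hypothetical, and the sample data is constructed in the shape boto3 returns.

```python
# Added example. Input shapes follow boto3's ec2.describe_route_tables()["RouteTables"] and
# lambda.get_function_configuration()["VpcConfig"]; route_tables is assumed to cover one VPC.

def default_route_target(route_table):
    """Return 'nat', 'igw' or 'none' for the table's 0.0.0.0/0 route."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") == "blackhole":
            return "none"  # target (e.g. a deleted NAT gateway) no longer exists
        if route.get("NatGatewayId"):
            return "nat"
        if (route.get("GatewayId") or "").startswith("igw-"):
            return "igw"
    return "none"

def route_table_for_subnet(subnet_id, route_tables):
    """An explicit subnet association wins; otherwise the main route table applies."""
    main = None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main

def lambda_egress_report(vpc_config, route_tables):
    """Map each Lambda subnet to 'nat', 'igw' or 'none'. Lambda network interfaces
    get no public IP, so only 'nat' gives the function outbound internet access."""
    report = {}
    for subnet_id in vpc_config.get("SubnetIds", []):
        table = route_table_for_subnet(subnet_id, route_tables)
        report[subnet_id] = default_route_target(table) if table else "none"
    return report

ROUTE_TABLES = [  # constructed sample, all IDs are placeholders
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"Main": False, "SubnetId": "subnet-nat"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"}]},
]
VPC_CONFIG = {"SubnetIds": ["subnet-isolated", "subnet-public", "subnet-nat"]}

if __name__ == "__main__":
    for subnet, path in lambda_egress_report(VPC_CONFIG, ROUTE_TABLES).items():
        print(f"{subnet}: {path}")
```

Any subnet reported as `igw` or `none` would produce the same `Connection timed out` on the `requests.put(..)` call to the CloudFormation response URL seen in the log.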