VPC中的AWS Lambda有时无法上网
VPC中的AWS Lambda有时无法上网
提问于 2018-07-17 11:14:15
我有Lambda,它被部署到VPC。
这位悲痛欲绝的人还有另一条心声:
- VPC (192.168.0.0/16)
- 公共子网A (192.168.32.0/20)有NAT网关,路由0.0.0.0/0连接因特网网关
- 私有子网A (192.168.48.0/20)具有0.0.0.0/0至NAT网关的路由
- 私人子网B (192.168.64.0/20)
Lambda拥有自己的证券化集团,并提及“私有子网A”和“私有子网B”
我有个奇怪的问题:不时地没有的互联网接入。第三方服务正常。
更奇怪的是,Lambda得到的IP值为127.0.0.1、169.254.76.13、169.254.79.1,而不是来自子网的IP (192.168.48.0/20和192.168.64.0/20)。
错误:
Error: connect ETIMEDOUT x.x.x.x:443
at Object._errnoException (util.js:1022:11)
at _exceptionWithHostPort (util.js:1044:20)
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1198:14)部署模式:
这里是完整的CloudFormation模板:
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Base Infrastructure'
Metadata:
'AWS::CloudFormation::Interface':
ParameterGroups:
- Label:
default: 'VPC Parameters'
Parameters:
- VpcId
- InternetGatewayId
Parameters:
VpcId:
Type: String
InternetGatewayId:
Type: String
Resources:
SubnetAPublic:
Type: 'AWS::EC2::Subnet'
Properties:
AvailabilityZone: !Select [0, !GetAZs '']
CidrBlock: !Sub '192.168.32.0/20'
MapPublicIpOnLaunch: true
VpcId: !Sub '${VpcId}'
SubnetAPrivate:
Type: 'AWS::EC2::Subnet'
Properties:
AvailabilityZone: !Select [0, !GetAZs '']
CidrBlock: !Sub '192.168.48.0/20'
VpcId: !Sub '${VpcId}'
SubnetBPrivate:
Type: 'AWS::EC2::Subnet'
Properties:
AvailabilityZone: !Select [1, !GetAZs '']
CidrBlock: !Sub '192.168.64.0/20'
VpcId: !Sub '${VpcId}'
RouteTablePublic:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId: !Sub '${VpcId}'
RouteTablePrivate:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId: !Sub '${VpcId}'
RouteTableBPrivate:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId: !Sub '${VpcId}'
RouteTableAssociationAPublic:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
SubnetId: !Ref SubnetAPublic
RouteTableId: !Ref RouteTablePublic
RouteTableAssociationAPrivate:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
SubnetId: !Ref SubnetAPrivate
RouteTableId: !Ref RouteTablePrivate
RouteTableAssociationBPrivate:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
SubnetId: !Ref SubnetBPrivate
RouteTableId: !Ref RouteTableBPrivate
EIP:
Type: 'AWS::EC2::EIP'
Properties:
Domain: vpc
NatGateway:
Type: 'AWS::EC2::NatGateway'
Properties:
AllocationId: !GetAtt 'EIP.AllocationId'
SubnetId: !Ref SubnetAPublic
RouteTablePublicInternetRoute:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref RouteTablePrivate
DestinationCidrBlock: '0.0.0.0/0'
NatGatewayId: !Ref NatGateway
RouteTablePublicInternetRoute2:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref RouteTablePublic
DestinationCidrBlock: '0.0.0.0/0'
GatewayId: !Sub '${InternetGatewayId}'
ServerlessSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: SecurityGroup for Serverless Functions
VpcId: !Sub '${VpcId}'
ServerlessSecurityGroupIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !Ref ServerlessSecurityGroup
IpProtocol: -1
SourceSecurityGroupId: !Ref ServerlessSecurityGroup知道我做错了什么吗?
P.S.:我发现了类似的问题AWS VPC Lambda Function keeps losing internet access和Why AWS lambda functions In a VPC sometimes timeout and sometimes work fine?
UPD
增加了路线,现在起作用了
RouteTableBPrivateInternetRoute:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref RouteTableBPrivate
DestinationCidrBlock: '0.0.0.0/0'
NatGatewayId: !Ref NatGatewayStack Overflow用户
发布于 2020-01-23 19:04:46
您是否选择您的公共子网作为您的lambda将运行的子网之一?
只有在私有子网中运行时,lambda才能访问internet,因此请转到AWS控制台上的lambda页面,取消选择公共子网并保存,此问题不应再次发生。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/51380018
复制相关文章
相似问题
腾讯云开发者
