
AWS Lambda + VPC Elastic IP timeout

Stack Overflow user
Asked 2020-08-26 12:02:32
Answers 2, Views 382, Followers 0, Votes 1

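I am trying to assign a static IP to multiple Lambdas so that when a Lambda calls a specific service, I can whitelist that IP.

I was able to get this working, but as far as I can tell, it will randomly start to either take 2 minutes to return where it previously took 500 ms, or just start timing out altogether.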

Below is the CloudFormation used to set up this VPC. In this CloudFormation I set up the following:

  • Public subnet
  • Private subnet
  • NAT gateway
  • Elastic IP
  • 2 routes (public/private)
  • Internet gateway

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "AWS CloudFormation for VPC",
    "Parameters": {
        "env": {
            "Type": "String"
        }
    },
    "Resources": {
        "VPCStaticIP": {
            "Type": "AWS::EC2::VPC",
            "Properties": {
                "CidrBlock": "11.0.0.0/16",
                "Tags": [
                    {
                        "Key": "Name",
                        "Value": {
                            "Fn::Join": [
                                "",
                                ["lambavpc", "-", { "Ref": "env" }]
                            ]
                        }
                    }
                ]
            }
        },
        "SubnetPublic": {
            "Type": "AWS::EC2::Subnet",
            "Properties": {
                "CidrBlock": "11.0.0.0/24",
                "Tags": [
                    {
                        "Key": "Name",
                        "Value": {
                            "Fn::Join": [
                                "",
                                [
                                    "lambavpc",
                                    "-",
                                    { "Ref": "env" },
                                    "-",
                                    "public-subnet"
                                ]
                            ]
                        }
                    }
                ],
                "VpcId": {
                    "Ref": "VPCStaticIP"
                }
            }
        },
        "SubnetPrivate": {
            "Type": "AWS::EC2::Subnet",
            "Properties": {
                "CidrBlock": "11.0.1.0/24",
                "Tags": [
                    {
                        "Key": "Name",
                        "Value": {
                            "Fn::Join": [
                                "",
                                [
                                    "lambavpc",
                                    "-",
                                    { "Ref": "env" },
                                    "-",
                                    "private-subnet"
                                ]
                            ]
                        }
                    }
                ],
                "VpcId": {
                    "Ref": "VPCStaticIP"
                }
            }
        },
        "InternetGateway": {
            "Type": "AWS::EC2::InternetGateway",
            "Properties": {
                "Tags": [
                    {
                        "Key": "Name",
                        "Value": {
                            "Fn::Join": [
                                "",
                                ["lambavpc", "-", { "Ref": "env" }, "-", "igw"]
                            ]
                        }
                    }
                ]
            }
        },
        "VPCGatewayAttachment": {
            "Type": "AWS::EC2::VPCGatewayAttachment",
            "Properties": {
                "InternetGatewayId": {
                    "Ref": "InternetGateway"
                },
                "VpcId": {
                    "Ref": "VPCStaticIP"
                }
            }
        },
        "RouteTablePublic": {
            "Type": "AWS::EC2::RouteTable",
            "Properties": {
                "VpcId": {
                    "Ref": "VPCStaticIP"
                },
                "Tags": [
                    {
                        "Key": "Name",
                        "Value": {
                            "Fn::Join": [
                                "",
                                [
                                    "lambavpc",
                                    "-",
                                    { "Ref": "env" },
                                    "-",
                                    "public-route"
                                ]
                            ]
                        }
                    }
                ]
            }
        },
        "RoutePublic": {
            "Type": "AWS::EC2::Route",
            "Properties": {
                "DestinationCidrBlock": "0.0.0.0/0",
                "GatewayId": {
                    "Ref": "InternetGateway"
                },
                "RouteTableId": {
                    "Ref": "RouteTablePublic"
                }
            }
        },
        "SubnetRouteTableAssociationPublic": {
            "Type": "AWS::EC2::SubnetRouteTableAssociation",
            "Properties": {
                "RouteTableId": {
                    "Ref": "RouteTablePublic"
                },
                "SubnetId": {
                    "Ref": "SubnetPublic"
                }
            }
        },
        "EIP": {
            "Type": "AWS::EC2::EIP",
            "Properties": {
                "Domain": "vpc",
                "Tags": [
                    {
                        "Key": "Name",
                        "Value": {
                            "Fn::Join": [
                                "",
                                ["lambavpc", "-", { "Ref": "env" }, "-", "eip"]
                            ]
                        }
                    }
                ]
            }
        },
        "NatGateway": {
            "Type": "AWS::EC2::NatGateway",
            "Properties": {
                "AllocationId": {
                    "Fn::GetAtt": ["EIP", "AllocationId"]
                },
                "SubnetId": {
                    "Ref": "SubnetPublic"
                }
            }
        },
        "RouteTablePrivate": {
            "Type": "AWS::EC2::RouteTable",
            "Properties": {
                "VpcId": {
                    "Ref": "VPCStaticIP"
                },
                "Tags": [
                    {
                        "Key": "Name",
                        "Value": {
                            "Fn::Join": [
                                "",
                                [
                                    "lambavpc",
                                    "-",
                                    { "Ref": "env" },
                                    "-",
                                    "private-route"
                                ]
                            ]
                        }
                    }
                ]
            }
        },
        "RoutePrivate": {
            "Type": "AWS::EC2::Route",
            "Properties": {
                "DestinationCidrBlock": "0.0.0.0/0",
                "NatGatewayId": {
                    "Ref": "NatGateway"
                },
                "RouteTableId": {
                    "Ref": "RouteTablePrivate"
                }
            }
        },
        "SubnetRouteTableMainAssociationPrivate": {
            "Type": "AWS::EC2::SubnetRouteTableAssociation",
            "Properties": {
                "RouteTableId": {
                    "Ref": "RouteTablePrivate"
                },
                "SubnetId": {
                    "Ref": "SubnetPrivate"
                }
            }
        }
    },
    "Outputs": {}
}

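I did a lot of research and found these references:

But I can't seem to work out the difference between what I'm doing and what they suggest.

Any suggestions would be greatly appreciated!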


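2 Answers

Stack Overflow user

Accepted answer

Posted 2020-08-26 12:23:20

The EIP timeout may be because there is no DependsOn attribute on AWS::EC2::VPCGatewayAttachment. In your case, this is required:

If you define an Elastic IP address and associate it with a VPC that is defined in the same template, you must declare a dependency on the VPC-gateway attachment by using the DependsOn attribute on this resource.

So you could try the following, which adds the dependency: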

"EIP": {
    "Type": "AWS::EC2::EIP",
    "DependsOn" : "VPCGatewayAttachment",    
    "Properties": {
        "Domain": "vpc",
        "Tags": [
            {
                "Key": "Name",
                "Value": {
                    "Fn::Join": [
                        "",
                        ["lambavpc", "-", { "Ref": "env" }, "-", "eip"]
                    ]
                }
            }
        ]
    }
}

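Also, if possible, I would consider using a private IP range of 10.0.0.0/16 for your VPC and subnets instead of 11.0.0.0/16. This is the range AWS recommends using:

When you create a VPC, we recommend that you specify a CIDR block (of /16 or smaller) from the private IPv4 address ranges as specified in RFC 1918:

  • 10.0.0.0 - 10.255.255.255 (10/8 prefix)
  • 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
  • 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
Votes: 2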

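Stack Overflow user

Posted 2020-08-26 12:40:27

You haven't shown how you create the Lambda function; is it created outside of CloudFormation? It sounds like your Lambda function is configured to use both VPC subnets, and when it runs in the public subnet it gets the timeout. You need to configure the Lambda function to use only the private subnet, which has the route to the NAT gateway.

Votes: 2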
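
The checks from both answers, written as a small linter over a CloudFormation template (an added example, not code from the question or the answers). The condensed sample template is constructed from the question's resource names; the `Fn` Lambda resource attached to both subnets is hypothetical, since the question does not show how the function is configured.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
def ref(v): return v.get("Ref") if isinstance(v, dict) else None

def lint(template):
    res, findings = template["Resources"], []
    props = lambda t: {k: v.get("Properties", {}) for k, v in res.items() if v["Type"] == t}
    # Answer 1: an EIP must wait for a gateway attachment defined in the same template.
    attachments = set(props("AWS::EC2::VPCGatewayAttachment"))
    for name in props("AWS::EC2::EIP"):
        deps = res[name].get("DependsOn", [])  # DependsOn is a string or a list
        if attachments and not attachments & set([deps] if isinstance(deps, str) else deps):
            findings.append(f"{name}: missing DependsOn on the VPC gateway attachment")
    # Answer 1: the VPC CIDR should come from RFC 1918 space.
    for name, p in props("AWS::EC2::VPC").items():
        cidr = ipaddress.ip_network(p["CidrBlock"])
        if not any(cidr.subnet_of(n) for n in RFC1918):
            findings.append(f"{name}: {cidr} is outside RFC 1918")
    # Answer 2: every Lambda subnet needs a default route through the NAT gateway.
    nat_tables = {ref(p["RouteTableId"]) for p in props("AWS::EC2::Route").values()
                  if p.get("DestinationCidrBlock") == "0.0.0.0/0" and "NatGatewayId" in p}
    nat_subnets = {ref(p["SubnetId"])
                   for p in props("AWS::EC2::SubnetRouteTableAssociation").values()
                   if ref(p["RouteTableId"]) in nat_tables}
    for name, p in props("AWS::Lambda::Function").items():
        for s in p.get("VpcConfig", {}).get("SubnetIds", []):
            if ref(s) not in nat_subnets:
                findings.append(f"{name}: subnet {ref(s)} has no NAT default route")
    return findings

# Constructed sample: the question's resource names, condensed; "Fn" is hypothetical.
def r(t, **p): return {"Type": t, "Properties": p}
SAMPLE = {"Resources": {
    "VPCStaticIP": r("AWS::EC2::VPC", CidrBlock="11.0.0.0/16"),
    "VPCGatewayAttachment": r("AWS::EC2::VPCGatewayAttachment"),
    "EIP": r("AWS::EC2::EIP", Domain="vpc"),
    "RoutePublic": r("AWS::EC2::Route", DestinationCidrBlock="0.0.0.0/0",
                     GatewayId={"Ref": "InternetGateway"}, RouteTableId={"Ref": "RouteTablePublic"}),
    "RoutePrivate": r("AWS::EC2::Route", DestinationCidrBlock="0.0.0.0/0",
                      NatGatewayId={"Ref": "NatGateway"}, RouteTableId={"Ref": "RouteTablePrivate"}),
    "AssocPublic": r("AWS::EC2::SubnetRouteTableAssociation",
                     RouteTableId={"Ref": "RouteTablePublic"}, SubnetId={"Ref": "SubnetPublic"}),
    "AssocPrivate": r("AWS::EC2::SubnetRouteTableAssociation",
                      RouteTableId={"Ref": "RouteTablePrivate"}, SubnetId={"Ref": "SubnetPrivate"}),
    "Fn": r("AWS::Lambda::Function",
            VpcConfig={"SubnetIds": [{"Ref": "SubnetPublic"}, {"Ref": "SubnetPrivate"}]}),
}}
print("\n".join(lint(SAMPLE)))
```

A Lambda network interface in a VPC has no public IP address, so a subnet whose default route points at the internet gateway gives it no outbound path; that is why the linter treats only NAT-routed subnets as valid for the function.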
Original page content provided by Stack Overflow. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/63597224
