为什么我的lambda无法与elasticache通信？

Question

我有一个Redis集群，它的主节点的ElastiCache格式为：master.clustername.x.euw1.cache.amazonaws.com。我还有一个CNAME指向该FQDN的Route53记录。

我在与集群相同的私有网络中有一个.net核心lambda，可以通过安全组访问集群。lambda使用由Stack Overflow (Github repo here for reference)开发的Redis库与集群通信。

如果我给lambda提供Redis集群(以master开头的集群)的主机名，我就可以连接、保存数据并读取它。

如果我给lambda提供了CNAME (当我从本地机器ping它时，CNAME给出了与FQDN相同的IP地址，而且如果我在lambda中使用了Dns.GetHostEntry )，它不会连接，并且我会得到以下错误消息：

One or more errors occurred. (It was not possible to connect to the redis server(s); to create a disconnected multiplexer, disable AbortOnConnectFail. SocketFailure on PING): AggregateException
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
at lambda_method(Closure , Stream , Stream , LambdaContextInternal )

at StackExchange.Redis.ConnectionMultiplexer.ConnectImpl(Func`1 multiplexerFactory, TextWriter log) in c:\code\StackExchange.Redis\StackExchange.Redis\StackExchange\Redis\ConnectionMultiplexer.cs:line 890
at lambda.Redis.RedisClientBuilder.Build(String redisHost, String redisPort, Int32 redisDbId) in C:\BuildAgent\work\91d24911506461d0\src\Lambda\Redis\RedisClientBuilder.cs:line 9
at lambda.Ioc.ServiceBuilder.GetRedisClient() in C:\BuildAgent\work\91d24911506461d0\src\Lambda\IoC\ServiceBuilder.cs:line 18
at lambda.Ioc.ServiceBuilder.GetServices() in C:\BuildAgent\work\91d24911506461d0\src\Lambda\IoC\ServiceBuilder.cs:line 11
at Handlers.OrderHandler.Run(SNSEvent request, ILambdaContext context) in C:\BuildAgent\work\91d24911506461d0\src\Lambda\Handlers\OrderHandler.cs:line 26

有没有人见过类似的东西？

Answer 1

结果是，因为我在ElastiCache群集中使用SSL证书，并且SSL证书被绑定到master.端点，而我试图连接到CNAME，所以证书验证失败。

因此，我最终在代码中查询Route53记录以获得master端点，并且它起作用了。

Answer 2

将问题从客户端库中隔离出来的可能解决方法--遵循AWS' tutorial并将Lambda重写为类似下面的代码(Python中的示例)。

from __future__ import print_function
import time
import uuid
import sys
import socket
import elasticache_auto_discovery
from pymemcache.client.hash import HashClient

#elasticache settings
elasticache_config_endpoint = "your-elasticache-cluster-endpoint:port"
nodes = elasticache_auto_discovery.discover(elasticache_config_endpoint)
nodes = map(lambda x: (x[1], int(x[2])), nodes)
memcache_client = HashClient(nodes)

def handler(event, context):
    """
    This function puts into memcache and get from it.
    Memcache is hosted using elasticache
    """

    #Create a random UUID... this will the sample element we add to the cache.
    uuid_inserted = uuid.uuid4().hex
    #Put the UUID to the cache.
    memcache_client.set('uuid', uuid_inserted)
    #Get item (UUID) from the cache.
    uuid_obtained = memcache_client.get('uuid')
    if uuid_obtained.decode("utf-8") == uuid_inserted:
        # this print should go to the CloudWatch Logs and Lambda console.
        print ("Success: Fetched value %s from memcache" %(uuid_inserted))
    else:
        raise Exception("Value is not the same as we put :(. Expected %s got %s" %(uuid_inserted, uuid_obtained))

    return "Fetched value from memcache: " + uuid_obtained.decode("utf-8")

参考：https://docs.aws.amazon.com/lambda/latest/dg/vpc-ec-deployment-pkg.html