Question
I am trying to connect to my RDS instance from a Lambda. I wrote the Lambda locally and tested locally, and everything worked peachy. I deploy to Lambda, and suddenly it doesn't work. Below is the code I'm running, and if it helps, I'm invoking the Lambda via a Kinesis stream.
    'use strict';

    exports.handler = (event, context, handlerCallback) => {
      console.log('Recieved request for kinesis events!');
      console.log(event);
      console.log(context);

      // The RDS_* values are not defined in the posted snippet.
      const connectionDetails = {
        host: RDS_HOST,
        port: 5432,
        database: RDS_DATABASE,
        user: RDS_USER,
        password: RDS_PASSWORD
      };

      const db = require('pg-promise')({promiseLib: require('bluebird')})(connectionDetails);

      // Run a trivial query in a transaction, then signal completion to Lambda.
      db
        .tx(function () {
          console.log('Beginning query');
          return this.query("SELECT 'foobar'")
            .then(console.log)
            .catch(console.log)
            .finally(console.log);
        })
        .finally(() => handlerCallback());
    };
Here are the logs from CloudWatch, if it helps:
START RequestId: *********-****-****-****-********* Version: $LATEST
2016-05-31T20:58:25.086Z *********-****-****-****-********* Recieved request for kinesis events!
2016-05-31T20:58:25.087Z *********-****-****-****-********* { Records: [ { kinesis: [Object], eventSource: 'aws:kinesis', eventVersion: '1.0', eventID: 'shardId-000000000000:**********************************', eventName: 'aws:kinesis:record', invokeIdentityArn: 'arn:aws:iam::******************:role/lambda_kinesis_role', awsRegion: 'us-east-1', eventSourceARN: 'arn:aws:kinesis:us-east-1:****************:stream/route-registry' } ] }
2016-05-31T20:58:25.283Z *********-****-****-****-********* { callbackWaitsForEmptyEventLoop: [Getter/Setter], done: [Function], succeed: [Function], fail: [Function], logGroupName: '/aws/lambda/apiGatewayRouteRegistry-development', logStreamName: '2016/05/31/[$LATEST]******************', functionName: 'apiGatewayRouteRegistry-development', memoryLimitInMB: '128', functionVersion: '$LATEST', getRemainingTimeInMillis: [Function], invokeid: '*********-****-****-****-*********', awsRequestId: '*********-****-****-****-*********', invokedFunctionArn: 'arn:aws:lambda:us-east-1:*************:function:apiGatewayRouteRegistry-development' }
END RequestId: *********-****-****-****-*********
REPORT RequestId: *********-****-****-****-********* Duration: 20003.70 ms Billed Duration: 20000 ms Memory Size: 128 MB Max Memory Used: 22 MB
2016-05-31T20:58:45.088Z *********-****-****-****-********* Task timed out after 20.00 seconds
Answer 1:
@MarkB and @Michael-sqlbot were correct in the comments: it was a security group issue.
I finally got a response from AWS support pointing out that the RDS security group was indeed private to a specific IP. This doesn't make sense, as I never configured that, and I could access the database from my local machine and Elastic Beanstalk. I added 0.0.0.0/0 to the security group and now the Lambda can connect. Thanks for your help, guys!
Answer 2:
Here is how I fixed this issue.
When you create a DB instance, you are asked to select a VPC. Even if you select the default values, it takes the public IP of your system as the default inbound IP. The Lambda function, on the other hand, has its own IP setting. That's why you can access it through any IDE or locally, but not through the Lambda function.
To add IP restrictions:
Go to the security group of your instance. After selecting the default security group, click on it. On the new page, scroll down to find the inbound and outbound settings.
In the inbound settings, click edit. You can change the IP here. (0.0.0.0/0 makes it open to the world.)
If you add your public IP here, then the IDE or your local connection would work.
For the Lambda function to work, add the IP of the Lambda function. Go to the Lambda function, Network --> VPC --> (if no VPC is selected, select the same VPC as the DB function) and note the IP here.
Type this IP in the inbound settings; this will show an auto filler.
Save it and test your Lambda function.
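An added example, not part of the question or either answer: a small Node.js check that evaluates a security group's inbound rules for port 5432 and reports whether a given source is allowed and whether the port is open to the world (the 0.0.0.0/0 case mentioned above). It also covers admitting a VPC-attached Lambda by referencing its security group as the rule's source instead of a CIDR; the rule objects, group ID and addresses below are constructed placeholders.

```javascript
'use strict';
// Inbound rules use the field names of EC2 DescribeSecurityGroups output.
const ipToInt = ip => ip.split('.').reduce((n, o) => n * 256 + Number(o), 0);

// True when the IPv4 address falls inside the CIDR block.
function inCidr(ip, cidr) {
  const [base, bits] = cidr.split('/');
  const size = 2 ** (32 - Number(bits));
  return Math.floor(ipToInt(ip) / size) === Math.floor(ipToInt(base) / size);
}

// True when the rule covers the TCP port ('-1' means all protocols and ports).
function coversPort(rule, port) {
  if (rule.IpProtocol === '-1') return true;
  return rule.IpProtocol === 'tcp' && rule.FromPort <= port && port <= rule.ToPort;
}

// source is { ip } for a caller identified by address, or { groupId } for a
// Lambda attached to the VPC with that security group.
function auditIngress(ipPermissions, port, source) {
  const result = { allowed: false, worldOpen: false };
  for (const rule of ipPermissions.filter(r => coversPort(r, port))) {
    for (const { CidrIp } of rule.IpRanges || []) {
      if (CidrIp === '0.0.0.0/0') result.worldOpen = result.allowed = true;
      else if (source.ip && inCidr(source.ip, CidrIp)) result.allowed = true;
    }
    if ((rule.Ipv6Ranges || []).some(r => r.CidrIpv6 === '::/0')) result.worldOpen = true;
    for (const { GroupId } of rule.UserIdGroupPairs || []) {
      if (GroupId === source.groupId) result.allowed = true;
    }
  }
  return result;
}

// Constructed sample rules; every ID and address is a placeholder.
const onlyMyIp = [{ IpProtocol: 'tcp', FromPort: 5432, ToPort: 5432,
  IpRanges: [{ CidrIp: '203.0.113.10/32' }], UserIdGroupPairs: [] }];
const openToWorld = [{ IpProtocol: 'tcp', FromPort: 5432, ToPort: 5432,
  IpRanges: [{ CidrIp: '0.0.0.0/0' }], UserIdGroupPairs: [] }];
const lambdaGroupOnly = [{ IpProtocol: 'tcp', FromPort: 5432, ToPort: 5432,
  IpRanges: [], UserIdGroupPairs: [{ GroupId: 'sg-lambda-example' }] }];

const lambda = { groupId: 'sg-lambda-example' };
console.log('single-IP rule     ', auditIngress(onlyMyIp, 5432, lambda));
console.log('0.0.0.0/0 rule     ', auditIngress(openToWorld, 5432, lambda));
console.log('source-group rule  ', auditIngress(lambdaGroupOnly, 5432, lambda));
```

The third rule set lets the Lambda connect while `worldOpen` stays false, which is the result to aim for when auditing the RDS security group.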
Source: https://stackoverflow.com/questions/37555670/aws-lambda-cant-connect-to-rds-instance-but-i-can-locally