问题
I have a Lambda function which can be triggered from an API gateway or ALB request. I also have an RDS Aurora PostgreSQL instance, both of which are running within a VPC.
I'm able to connect to the RDS instance from the Lambda just fine, however I can't access the internet, e.g. attempting to fire off a request to https://jsonplaceholder.typicode.com/todos/1 will cause a timeout.
I also can't connect to the remote database using a SQL client such as DBeaver.
Here's some detail below but let me know if you need anything else. I'm stumped.
Lambda Inbound Rules
Security group ID Ports Source
sg-0f2c4426c8fc85235 80 0.0.0.0/0
sg-0f2c4426c8fc85235 5432 0.0.0.0/0
sg-0f2c4426c8fc85235 All sg-0f2c4426c8fc85235
sg-0f2c4426c8fc85235 22 0.0.0.0/0
sg-0f2c4426c8fc85235 443 0.0.0.0/0
Lambda Outbound Rules
Security group ID Ports Destination
sg-0f2c4426c8fc85235 All 0.0.0.0/0
RDS Connectivity
VPC
Public Subnet
Private Subnet
EDITS
Nat Gateway (associated with public subnet)
Route Tables
Route Table Routes
EDIT 2
Lambda Subnets
回答1:
The Lambda function should only be connected to a private subnet.
This enables Internet-bound traffic to be routed to the NAT Gateway in the public subnet.
If the Lambda function connects to the public subnet, it will be unable to reach the Internet.
回答2:
A mixture of two things I think. 1, as was pointed out, the Lambda should only be connected to private subnets.
I think I'd also mixed up the availability zones between the public and private subnets?
Anyway, the Lambda is now successfully connecting to RDS, hitting external APIs and I can also connect through DBeaver.
Thanks a lot.
来源:https://stackoverflow.com/questions/57608422/why-is-my-lambda-unable-to-access-the-internet