我有一个CloudFormation模板:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"SourcePackageName": {
"Type": "String"
}
},
"Resources": {
"VPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16"
}
},
"PublicSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"CidrBlock": "10.0.0.0/24"
},
"DependsOn" : "VPC"
},
"PrivateSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"CidrBlock": "10.0.1.0/24"
},
"DependsOn" : "VPC"
},
"InternetGateway": {
"Type": "AWS::EC2::InternetGateway"
},
"AttachGateway": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"InternetGatewayId": {
"Ref": "InternetGateway"
}
},
"DependsOn" : "InternetGateway"
},
"PublicRouteTable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "VPC"
}
},
"DependsOn" : "VPC"
},
"PrivateRouteTable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "VPC"
}
},
"DependsOn" : "VPC"
},
"PublicRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "PublicRouteTable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "InternetGateway"
}
},
"DependsOn": ["AttachGateway", "PublicRouteTable", "InternetGateway"]
},
"PrivateRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "PrivateRouteTable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "NatGateway"
}
},
"DependsOn": ["AttachGateway", "PublicRouteTable", "NatGateway"]
},
"NatGateway": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"ElasticIp",
"AllocationId"
]
},
"SubnetId": {
"Ref": "PublicSubnet"
}
},
"DependsOn": ["PublicSubnet", "ElasticIp"]
},
"GatewayAttachment": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"InternetGatewayId": {
"Ref": "InternetGateway"
}
},
"DependsOn": ["VPC", "InternetGateway"]
},
"ElasticIp": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc"
},
"DependsOn": "GatewayAttachment"
},
"PublicSubnetRouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "PublicSubnet"
},
"RouteTableId": {
"Ref": "PublicRouteTable"
}
},
"DependsOn": ["PublicSubnet", "PublicRouteTable"]
},
"PrivateSubnetRouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "PrivateSubnet"
},
"RouteTableId": {
"Ref": "PrivateRouteTable"
}
},
"DependsOn": ["PrivateSubnet", "PrivateRouteTable"]
},
"LambdaSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"DependsOn": ["VPC"],
"Properties": {
"GroupName": "Internet Group",
"GroupDescription": "SSH traffic in, all traffic out.",
"VpcId": { "Ref": "VPC" },
"SecurityGroupIngress": [
{
"IpProtocol": -1,
"CidrIp": "0.0.0.0/0"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": -1,
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key" : "System",
"Value" : "Feed"
}
]
}
},
"FeedLambdaRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"lambda.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Path": "/",
"Policies": [{
"PolicyName": "root",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:*"
],
"Resource": "arn:aws:logs:*:*:*"
}
]
}
}],
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
"arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
]
}
},
"FeedLambda": {
"Type": "AWS::Lambda::Function",
"DependsOn": ["VPC", "LambdaSecurityGroup", "PublicSubnet", "FeedLambdaRole"],
"Properties": {
"Code": {
"S3Bucket": "bucket-name",
"S3Key": {
"Fn::Join" : [ "/", [ "directory-name", { "Ref" : "SourcePackageName" }] ] }
},
"FunctionName": "Feed",
"Handler": "java.package.class",
"MemorySize": 128,
"Role": { "Fn::GetAtt" : [ "FeedLambdaRole", "Arn" ] },
"Runtime": "java8",
"VpcConfig": {
"SecurityGroupIds": [
{ "Ref": "LambdaSecurityGroup" }
],
"SubnetIds": [
{ "Ref": "PublicSubnet" }
]
}
}
}
}
}
我的Lambda代码在不涉及网络访问时可以正常执行,但只要在代码中加入网络调用,就会一直超时。
我已将超时时间增加到10秒,但问题仍未解决。
如能提供任何帮助,将不胜感激。
我使用的模板来自这里:
1 回答
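您已将Lambda函数放在公共子网中(模板中 FeedLambda 的 VpcConfig.SubnetIds 引用的是 PublicSubnet)。VPC内部的Lambda函数的网络接口没有公网IP,无法直接通过Internet网关出网,因此必须使用NAT网关来访问Internet(以及VPC之外的任何其他内容,如AWS API)。在该模板中,只有私有子网的路由表(PrivateRoute)把默认路由指向NAT网关,也就是说NAT网关是为私有子网服务的。您需要更改配置,将Lambda函数部署到私有子网中(即让 SubnetIds 引用 PrivateSubnet)。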
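或者,如果您的Lambda函数实际上不需要访问VPC中的任何内容,那么您可以将其从VPC中移出,这样它就可以直接访问Internet。除非确实需要访问VPC内的资源,否则把Lambda函数放进VPC只会让冷启动变慢,没有任何好处。另外请注意,模板中的 LambdaSecurityGroup 对 0.0.0.0/0 开放了所有协议的入站流量,这与其描述“SSH traffic in, all traffic out.”并不一致;如果该安全组只用于Lambda的出站访问,入站规则可以去掉。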