Not able to connect to AWS DocumentDB from AWS Lambda (using Java)


Question

I want to connect to an AWS DocumentDB cluster from AWS Lambda (using Java). TLS is enabled for the cluster, so I need to import the certificates into a truststore. I am not able to find any documentation on how to proceed.

Answer 1

Score: 1

You need to store the https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem file in the certstore before connecting to DocumentDB, otherwise it will not work.

There are many ways to import certificates using code at runtime.

> Ref:
> https://stackoverflow.com/questions/4325263/how-to-import-a-cer-certificate-into-a-java-keystore

After importing the cert, you can connect to DocumentDB; reference code can be found here:

> https://docs.aws.amazon.com/documentdb/latest/developerguide/connect_programmatically.html

Answer 2

Score: 0

I encourage you to avoid packaging the cert as part of your Lambda code. Instead you can get it dynamically from Amazon S3. This will avoid issues in the future when the cert is rotated. Following is a Python example:

    import boto3
    import botocore

    # S3 resource; credentials come from the Lambda execution role
    clientS3 = boto3.resource('s3')

    # Function to download the current DocumentDB CA bundle into /tmp,
    # the only writable path inside a Lambda container
    def getDocDbCertificate():
        try:
            print('Certificate')
            clientS3.Bucket('rds-downloads').download_file('rds-combined-ca-bundle.pem', '/tmp/rds-combined-ca-bundle.pem')
        except botocore.exceptions.ClientError as e:
            if e.response['Error']['Code'] == "404":
                print("The object does not exist.")
            else:
                raise

For you to do that, the role of your Lambda needs permissions to get the object from S3, and S3 access via the Internet or a VPC endpoint.
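Putting the two answers together in the asker's language: the following Java example is added here and is not code from either answer, from AWS, or from the MongoDB project. It fetches the CA bundle from the public S3 object at runtime as answer 2 suggests, imports every certificate in the bundle into an in-memory trust store as answer 1 describes, and hands the resulting SSLContext to the MongoDB Java driver. It assumes the MongoDB Java driver 4.x sync API and the AWS SDK for Java v2 are on the classpath and reads the connection string from an assumed environment variable DOCDB_URI; the class and method names are the example's own.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import com.mongodb.ConnectionString;
import com.mongodb.MongoClientSettings;
import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoClients;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.GetObjectRequest;

public class DocDbTlsConnector {

    // Public bucket and key named in the answers above; no credentials embedded.
    private static final String CA_BUCKET = "rds-downloads";
    private static final String CA_KEY = "rds-combined-ca-bundle.pem";

    // Cached across warm invocations of the same Lambda container (assumption:
    // a container serves many invocations; a cold start rebuilds it and so
    // picks up a rotated bundle without a redeploy).
    private static volatile SSLContext cachedContext;

    /** Builds an SSLContext whose trust store contains only the CA bundle,
     *  fetched at runtime from S3 (answer 2) and imported in memory (answer 1). */
    public static SSLContext docDbSslContext() throws Exception {
        SSLContext ctx = cachedContext;
        if (ctx != null) {
            return ctx;
        }
        try (S3Client s3 = S3Client.create();
             InputStream pem = s3.getObject(GetObjectRequest.builder()
                     .bucket(CA_BUCKET).key(CA_KEY).build())) {
            ctx = sslContextFromPem(pem);
        }
        cachedContext = ctx;
        return ctx;
    }

    /** Imports every certificate in a PEM bundle into an empty in-memory KeyStore
     *  and wraps it in an SSLContext. The bundle holds several CAs, so use
     *  generateCertificates (plural): generateCertificate would read only the first. */
    static SSLContext sslContextFromPem(InputStream pem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> cas = cf.generateCertificates(pem);
        if (cas.isEmpty()) {
            throw new IllegalStateException("CA bundle contained no certificates");
        }
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // fresh, empty store; nothing written to disk
        int i = 0;
        for (Certificate ca : cas) {
            trustStore.setCertificateEntry("docdb-ca-" + i++, ca);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // server trust only, no client cert
        return ctx;
    }

    /** Connects with TLS forced on and hostname verification left enabled. */
    public static MongoClient connect(String uri) throws Exception {
        SSLContext ctx = docDbSslContext();
        MongoClientSettings settings = MongoClientSettings.builder()
                .applyConnectionString(new ConnectionString(uri))
                .applyToSslSettings(b -> b.enabled(true)
                                          .invalidHostNameAllowed(false)
                                          .context(ctx))
                .build();
        return MongoClients.create(settings);
    }

    public static void main(String[] args) throws Exception {
        // DOCDB_URI is an assumed environment variable, for example
        // mongodb://<user>:<password>@<cluster-endpoint>:27017/?replicaSet=rs0&retryWrites=false
        try (MongoClient client = connect(System.getenv("DOCDB_URI"))) {
            System.out.println(client.getDatabase("admin")
                    .runCommand(new org.bson.Document("ping", 1)).toJson());
        }
    }
}
```

Building the trust store in memory avoids both the /tmp file and a keytool step in the build, and caching the SSLContext in a static field means only cold starts pay the S3 round trip. As answer 2 notes, the Lambda execution role still needs s3:GetObject on that object and a network path to S3 (Internet egress or a VPC gateway endpoint). The bundle is used only to validate the server chain; hostname verification stays on, so a certificate issued by the right CA for a different host is still rejected.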

huangapple
  • Posted on 2020-08-02 23:03:13
  • Source link: https://go.coder-hub.com/63217550.html