Not able to connect to AWS DocumentDB from AWS Lambda (using Java)

Question

I want to connect to an AWS DocumentDB cluster from AWS Lambda (using Java). TLS is enabled for the cluster, so I need to import the certificates into a truststore. Not able to find any documentation around this on how to proceed.
Answer 1

Score: 1

You need to store the https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
file in a certstore before connecting to DocumentDB, otherwise it will not work.
There are many ways to import certificates using code at runtime.
> Ref:
> https://stackoverflow.com/questions/4325263/how-to-import-a-cer-certificate-into-a-java-keystore
After importing the cert, you can connect to DocumentDB; reference code can be found here:
> https://docs.aws.amazon.com/documentdb/latest/developerguide/connect_programmatically.html
Answer 2

Score: 0
I encourage you to avoid packaging the cert as part of your Lambda code. Instead you can get it dynamically from Amazon S3. This will avoid issues in the future when the cert is rotated. Following is a Python example:

    import boto3
    import botocore

    # boto3 S3 *resource* (not the low-level client): it exposes Bucket(...).download_file(...)
    clientS3 = boto3.resource('s3')

    # Function to download the current DocDB certificate bundle into Lambda's writable /tmp
    def getDocDbCertificate():
        try:
            print('Certificate')
            clientS3.Bucket('rds-downloads').download_file('rds-combined-ca-bundle.pem', '/tmp/rds-combined-ca-bundle.pem')
        except botocore.exceptions.ClientError as e:
            if e.response['Error']['Code'] == "404":
                print("The object does not exist.")
            else:
                raise

For you to do that, the role of your Lambda needs permissions to get the object from S3 and S3 access via the Internet or a VPC endpoint.