访问 AWS Lambda 中的 SQS 使用 Java 时超时问题

huangapple go评论83阅读模式
英文:

Timeout when accessing SQS from AWS Lambda using Java

问题

我正在编写一个Lambda函数(使用Java),应该向SQS添加一条消息。

Lambda具有访问任何SQS的权限(AmazonSQSFullAccess):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "sqs:*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

我的代码正在使用标准的SQS客户端:

private final AmazonSQS sqs = AmazonSQSClientBuilder.standard().withRegion(Regions.EU_NORTH_1).build();

问题是当尝试获取队列列表或发送消息时,Lambda永远不会结束(超时):

ListQueuesResult result = sqs.listQueues();

SendMessageRequest sendMsgRequest = new SendMessageRequest()
        .withQueueUrl(queueUrl)
        .withMessageBody(assetBody)
        .withDelaySeconds(0);
sqs.sendMessage(sendMsgRequest);

我的问题是,在实例化sqs客户端时是否应该提供凭据(由于Lambda是使用terraform脚本编写的,所以做起来不容易/不方便),还是我做错了其他事情?

Lambda的超时设置目前为30秒。

谢谢,
Chris

英文:

I'm writing a Lambda function (in Java) that should add a message to the SQS.

Lambda has permissions to access any SQS (AmazonSQSFullAccess):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "sqs:*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

My code is using a standard SQS client:
private final AmazonSQS sqs = AmazonSQSClientBuilder.standard().withRegion(Regions.EU_NORTH_1).build();

The problem is lambda never ends (timeouts) when trying to get list of queues or send a message:

ListQueuesResult result = sqs.listQueues();

SendMessageRequest sendMsgRequest = new SendMessageRequest()
        .withQueueUrl(queueUrl)
        .withMessageBody(assetBody)
        .withDelaySeconds(0);
sqs.sendMessage(sendMsgRequest);

My question is whether I should provide credentials when instantiating the sqs client (lambda is scripted with terraform, so it's not easy/nice to do it) or I'm doing wrong something else?

Lambda timeout is set to 30s now.

thanks,
Chris

答案1

得分: 0

如果存在权限问题,您可能会收到类似访问被拒绝或未经授权的错误。这看起来不像是函数能够与 SQS 进行通信(网络超时)。

所有位于 VPC(虚拟私有云)之外的 Lambda 函数都应能够访问互联网上的任何资源。话虽如此,在这里,Lambda 函数似乎是位于 VPC 内部的。

当 Lambda 函数位于 VPC 内部并且希望访问互联网(在这种情况下是 SQS),Lambda 函数应位于 VPC 的私有子网中。该子网的默认路由应指向位于该 VPC 的公共子网中的 NAT 网关。

除此之外,请检查与 Lambda 函数关联的安全组,它应该具有允许来自所有端口的所有流量的出站规则。

参考链接:

英文:

If there was a permission issue, you would be able to get an error like access denied or unauthorized. This looks like the function is not able to communicate to sqs at all (network timeout).

All lambda functions outside a vpc should be able to access any resource on the internet. That being said it looks like the lambda function here is inside a VPC.

When a lambda function is inside a VPC and it wants to access intenet (in this case a sqs) the lambda function should be in a private subnet of the VPC. With the default route of that subnet pointing to a NAT gateway in a public subnet of that VPC.

https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/

Other than this check the security group linked with lambda function it should have a outbound rule to allow all traffic coming from all ports.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html#adding-security-group-rule

huangapple
  • 本文由 发表于 2020年8月22日 04:18:22
  • 转载请务必保留本文链接:https://go.coder-hub.com/63529576.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定