Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Connect a Lambda function to an S3 bucket while being connected to a VPC to make queries to a private RDS.

0

I'm creating a Lambda function that receives parameters in a POST request, including an object (CSV file) that I need to access and execute a series of queries based on its content to a private RDS.

I can access the S3 bucket if the Lambda function is not associated with a VPC, but in this case, I cannot access the private RDS. Also I have reviewed the security groups, route tables, and there is an internet gateway. I have also checked the IAM policies, which allow listing and reading from any bucket.

Themen
SpeicherVernetzung & Bereitstellung von InhaltenServerlosKalkulationDatenbank
Tags
Amazon Simple Storage ServiceAmazon VPCAWS LambdaAurora PostgreSQL
Sprache
English
jlroser
gefragt vor einem Jahr582 Aufrufe
2 Antworten
3
Akzeptierte Antwort

This is very common scenario as same applicable for all compute. As a best practice you should create Lambda within VPC so you can access RDS. To access S3 from Lambda function inside a VPC, use VPC endpoints

profile pictureAWS
Nirmal
beantwortet vor einem Jahr
profile picture
EXPERTE
Giovanni Lauria
überprüft vor einem Monat
  • Gary Mclean EXPERTE
    vor einem Jahr

    And or have your Lambda function connect to a subnet with a route to a NAT gateway to provide internet connectivity so that you can reach services such as S3.

    However, I do agree with Nirmal. Create VPC Endpoints. I believe a S3 gateway endpoint is free. Make sure you have a route with the preflix list applied to the subnet where your Lambda function connects

  • jlroser
    vor einem Jahr

    Thanks to all. I follow the advice and create the endpoint and works properly.

1

You must connect the Lambda to a VPC that can communicate with the database or look at other options, such as RDS Proxy or the RDS Data API. I haven't used RDS Proxy or RDS's Data API recently, and I can't remember if they enable communication with the DB without being in the private VPC, but that is where I would look first.

profile picture
Jason Butz
beantwortet vor einem Jahr
  • jlroser
    vor einem Jahr

    Thanks for the advice, I made the endpoint first and it works, perhaps in another time I can try the proxy.

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt