Hi Stiliyan,
a possible reason for the issue could be that Lambda is running in a VPC lacking access to the internet. To resolve that, you can give your Lambda function public internet access by using a NAT Gateway. To do so, you have to add a NAT gateway in your VPC, and configure the routing table to route the outgoing messages from the subnets of Lambda to the NAT gateway: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
The VPC endpoint for IoT Core only supports the data plane and can't be used for the purpose of your use-case: https://docs.aws.amazon.com/iot/latest/developerguide/IoTCore-VPC.html
best regards, Andrei
Hi Andrei,
The solution with NAT gateway worked. Thanks :) How was I supposed to find out by myself that the lambda being inside VPC was the issue? It is strange that there are no errors/logs whatsoever, or maybe I don't look at the right place for them?
Best regards, Stiliyan
Hi Stiliyan, to me it looks like a failure of AWS SDK for JavaScript v3 to log an error caused by network connectivity issues. Could you please add an issue in https://github.com/aws/aws-sdk-js-v3/issues and post the link here so I can follow up AWS-internally? Thanks!
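The silent failure discussed in this answer can be made visible from inside the function. The following is an added example, not code from the thread or from AWS: it probes the IoT control-plane endpoint over TCP and bounds the SDK call with a deadline taken from the Lambda context, so a missing NAT route shows up as a logged error. The host name `iot.eu-west-1.amazonaws.com`, the helper names and the `call` callback are assumptions.

```javascript
// Added example: surface missing VPC egress as a logged error instead of a
// silent Lambda timeout. Helper names and the endpoint host are assumptions.

// TCP connect attempt with a timeout; resolves { reachable, detail }, never rejects.
async function probeTcp(host, port, timeoutMs) {
  const net = await import("node:net"); // works in CommonJS and ES module handlers
  return new Promise((resolve) => {
    const socket = net.connect({ host, port });
    const done = (reachable, detail) => {
      socket.destroy();
      resolve({ reachable, detail });
    };
    socket.setTimeout(timeoutMs);
    socket.once("connect", () => done(true, "connected"));
    socket.once("timeout", () => done(false, `no response within ${timeoutMs} ms`));
    socket.once("error", (err) => done(false, err.code || err.message));
  });
}

// Reject with a descriptive error if `promise` has not settled within `ms`.
function withDeadline(promise, ms, label) {
  let timer;
  const deadline = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error(`${label} did not complete within ${ms} ms`)), ms);
  });
  return Promise.race([promise, deadline]).finally(() => clearTimeout(timer));
}

// `call` is a caller-supplied function that performs the SDK request, for
// example () => client.send(new AttachPolicyCommand(input)).
// `context` is the Lambda context object passed to the handler.
async function guardedIotCall(call, context, host = "iot.eu-west-1.amazonaws.com", port = 443) {
  const probe = await probeTcp(host, port, 2000);
  if (!probe.reachable) {
    console.error(`Cannot reach ${host}:${port} (${probe.detail}); check the subnet route to a NAT gateway`);
    throw new Error(`egress check failed: ${probe.detail}`);
  }
  // Leave one second of the invocation for logging and error handling.
  const budget = Math.max(context.getRemainingTimeInMillis() - 1000, 100);
  return withDeadline(call(), budget, "IoT control-plane call");
}
```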
Can you pls post the JSON of the policy you added to Lambda execution role to allow Lambda to call AttachPolicy?
@Andrei, I updated the question with the JSON of the policy.
Could you add a logger when instantiating the IoTClient
new IoTClient({ region: "eu-west-1", logger: logger });
and post the log files of your Lambda. Here is a sample code using the pino logger:
@Jan, I added a logger as in the example during the creation of IoTClient. Unfortunately it does not log anything. Only when I add a line by myself, like logger.info('TEST'), there appears a log entry.
Some more information:
The lambda is a pre provisioning hook - https://docs.aws.amazon.com/iot/latest/developerguide/pre-provisioning-hook.html.
My idea is to attach a policy to a certificate during the invocation of the pre-provisioning hook lambda (at this point the certificate is still not activated, but I tested that the AttachPolicy operation works from the AWS console, so it should also be OK programmatically with the JavaScript IoT client).
Also, the whole solution (policies, lambda, etc...) is deployed with CDK in Java, maybe you might want to check some of the Constructs?