CloudFormation 响应对象超时
CloudFormation Response Object Timeout
我有一个 CloudFormation Lambda 支持的自定义资源,
public 个子网中的 Lambda 函数,但当我检查 cloudWatch 日志时显示如下
日志消息#1
Starting new HTTPS connection (1): cloudformation-custom-resource-response-eucentral1.s3.eu-central-1.amazonaws.com
日志消息#2
Task timed out after 30.03 seconds
我该如何处理这个问题,我的cloudformation如下所示。
Resources:
HelloWorld: #Custom Resource
Type: Custom::HelloWorld
Properties:
ServiceToken:
Fn::GetAtt:
- TestFunction #Reference to Function to be run
- Arn #ARN of the function to be run
Input1:
Ref: Message
TestFunction: #Lambda Function
Type: AWS::Lambda::Function
Properties:
Code:
S3Bucket:
Ref: S3Bucket
S3Key:
Ref: S3Key
Handler:
Fn::Join:
- ''
- - Ref: ModuleName
- ".lambda_handler"
Role:
Fn::GetAtt:
- LambdaExecutionRole
- Arn
VpcConfig:
SecurityGroupIds:
- !Ref SecurityGroup
SubnetIds:
- Fn::Select: [ 0, !Ref PublicSubnet1 ]
- Fn::Select: [ 0, !Ref PublicSubnet2 ]
Runtime: python2.7
Timeout: '30'
LambdaExecutionRole: #IAM Role for Custom Resource
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action:
- sts:AssumeRole
Path: "/"
Policies:
- PolicyName: root
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource: arn:aws:logs:*:*:*
- Effect: Allow
Action:
- ec2:CreateNetworkInterface
- ec2:DescribeNetworkInterfaces
- ec2:DeleteNetworkInterface
Resource: "*"
SecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: "sec_group_name"
GroupDescription: "SSH traffic in, all traffic out."
VpcId: !Ref VPC
SecurityGroupIngress:
- IpProtocol: -1
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- IpProtocol: -1
CidrIp: 0.0.0.0/0
我的子网路由 table 与 InternetGateway 关联,但它给出 CloudFormationResponse 对象错误,我该如何解决此连接问题。
求助!谢谢 :))
我猜您的 public 子网没有附加 NAT gateway 或 NAT instance(仅 InternetGateway 是不够的)。根据 AWS,这是必需的。如果您的功能不需要一般互联网访问但需要访问 AWS 资源,您应该考虑 VPC Endpoints。它们更便宜,但不确定是否适用于所有资源。
我有一个 CloudFormation Lambda 支持的自定义资源, public 个子网中的 Lambda 函数,但当我检查 cloudWatch 日志时显示如下
日志消息#1
Starting new HTTPS connection (1): cloudformation-custom-resource-response-eucentral1.s3.eu-central-1.amazonaws.com
日志消息#2
Task timed out after 30.03 seconds
我该如何处理这个问题,我的cloudformation如下所示。
Resources:
HelloWorld: #Custom Resource
Type: Custom::HelloWorld
Properties:
ServiceToken:
Fn::GetAtt:
- TestFunction #Reference to Function to be run
- Arn #ARN of the function to be run
Input1:
Ref: Message
TestFunction: #Lambda Function
Type: AWS::Lambda::Function
Properties:
Code:
S3Bucket:
Ref: S3Bucket
S3Key:
Ref: S3Key
Handler:
Fn::Join:
- ''
- - Ref: ModuleName
- ".lambda_handler"
Role:
Fn::GetAtt:
- LambdaExecutionRole
- Arn
VpcConfig:
SecurityGroupIds:
- !Ref SecurityGroup
SubnetIds:
- Fn::Select: [ 0, !Ref PublicSubnet1 ]
- Fn::Select: [ 0, !Ref PublicSubnet2 ]
Runtime: python2.7
Timeout: '30'
LambdaExecutionRole: #IAM Role for Custom Resource
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action:
- sts:AssumeRole
Path: "/"
Policies:
- PolicyName: root
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource: arn:aws:logs:*:*:*
- Effect: Allow
Action:
- ec2:CreateNetworkInterface
- ec2:DescribeNetworkInterfaces
- ec2:DeleteNetworkInterface
Resource: "*"
SecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: "sec_group_name"
GroupDescription: "SSH traffic in, all traffic out."
VpcId: !Ref VPC
SecurityGroupIngress:
- IpProtocol: -1
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- IpProtocol: -1
CidrIp: 0.0.0.0/0
我的子网路由 table 与 InternetGateway 关联,但它给出 CloudFormationResponse 对象错误,我该如何解决此连接问题。
求助!谢谢 :))
我猜您的 public 子网没有附加 NAT gateway 或 NAT instance(仅 InternetGateway 是不够的)。根据 AWS,这是必需的。如果您的功能不需要一般互联网访问但需要访问 AWS 资源,您应该考虑 VPC Endpoints。它们更便宜,但不确定是否适用于所有资源。