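I am trying to run a Lambda function that calls a Fargate service located in a private subnet.
The Lambda is triggered when I put a file in an S3 bucket.
I created a Network Load Balancer (AWS::ElasticLoadBalancingV2::LoadBalancer) that listens on port 80 and has Fargate as its target group: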

    LoadBalancerLRS:
      Type: AWS::ElasticLoadBalancingV2::LoadBalancer
      Properties:
        Scheme: internal
        Subnets:
          - !ImportValue SubnetPrivate1
          - !ImportValue SubnetPrivate2
        Type: network
    LoadBalancerListener:
      Type: AWS::ElasticLoadBalancingV2::Listener
      Properties:
        DefaultActions:
          - TargetGroupArn: !Ref TargetGroupService
            Type: forward
        LoadBalancerArn: !Ref LoadBalancerLRS
        Port: 80
        Protocol: TCP

I call the Network Load Balancer and keep getting this error: Error: connect ECONNREFUSED 127.0.0.1:80
My VPC has the DNS options enabled, and I configured the DHCP options as follows:

    DHCPOptions:
      Type: AWS::EC2::DHCPOptions
      Properties:
        DomainName:
          Fn::If:
            - WEuropeRegionCondition
            - ec2.internal
            - Fn::Join:
                - ''
                - - !Ref AWS::Region
                  - ".compute.internal"
        DomainNameServers:
          - AmazonProvidedDNS
    VPCDHCPOptionsAssociation:
      Type: AWS::EC2::VPCDHCPOptionsAssociation
      Properties:
        VpcId: !Ref myVPC
        DhcpOptionsId: !Ref DHCPOptions

My Lambda execution role looks like this:

    LambdaExecutionRole:
      Type: 'AWS::IAM::Role'
      Properties:
        AssumeRolePolicyDocument:
          Version: 2012-10-17
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action:
                - 'sts:AssumeRole'
        Path: /
        ManagedPolicyArns:
          - 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
        Policies:
          - PolicyName: S3Policy
            PolicyDocument:
              Version: 2012-10-17
              Statement:
                - Effect: Allow
                  Action:
                    - 's3:PutObject'
                    - 'S3:DeleteObject'
                  Resource: !Sub 'arn:aws:s3:::*'
                - Effect: Allow
                  Action:
                    - "logs:CreateLogGroup"
                    - "logs:CreateLogStream"
                    - "logs:PutLogEvents"
                  Resource: !Sub 'arn:aws:logs:::*'
                - Effect: Allow
                  Action:
                    - "ec2:CreateNetworkInterface"
                    - "ec2:DescribeNetworkInterfaces"
                    - "ec2:DeleteNetworkInterface"
                    - "ec2:DescribeSecurityGroups"
                    - "ec2:DescribeSubnets"
                  Resource: !Sub '*'

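I am using the axios npm library to call the DNS name generated by the Network Load Balancer.
The security group is the same for the Lambda function and Fargate, and it is "All Open".
The service is running and the health checks pass.
So, any clue why I can't reach the Network Load Balancer?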
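
The error above names 127.0.0.1:80, so the refused connection went to the function's own loopback address rather than to the load balancer. As an added example (not part of the original post), this check validates the string handed to the HTTP client before a request is made; `checkTarget`, the reason labels and the sample host name are hypothetical.

```javascript
// Added example, not from the original post. checkTarget and all sample
// values are hypothetical. Node's http client defaults to localhost:80 when
// a request carries no host, which surfaces as ECONNREFUSED 127.0.0.1:80.
function checkTarget(raw) {
  if (typeof raw !== 'string' || raw.trim() === '') {
    return { ok: false, reason: 'empty' };            // e.g. unset env variable
  }
  const value = raw.trim();
  if (!/^https?:\/\//i.test(value)) {
    return { ok: false, reason: 'no-scheme' };        // bare DNS name or relative path
  }
  let url;
  try {
    url = new URL(value);
  } catch (err) {
    return { ok: false, reason: 'unparseable' };
  }
  const host = url.hostname.toLowerCase();
  if (host === 'undefined' || host === 'null') {
    return { ok: false, reason: 'placeholder-host' }; // `http://${unsetVar}/...`
  }
  if (host === 'localhost' || host === '[::1]' || /^127(\.\d{1,3}){3}$/.test(host)) {
    return { ok: false, reason: 'loopback' };         // would never reach the NLB
  }
  const port = Number(url.port) || (url.protocol === 'https:' ? 443 : 80);
  return { ok: true, reason: 'ok', host, port };
}

// Constructed sample inputs; the NLB host name is a placeholder.
const NLB = 'example-nlb-0123456789abcdef.elb.eu-west-1.amazonaws.com';
const samples = [
  undefined,
  `${NLB}/process`,
  'http://undefined/process',
  'http://127.0.0.1/process',
  `http://${NLB}/process`,
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', checkTarget(s).reason);
}
```

Logging the result of such a check at the start of the handler shows in CloudWatch whether the function was ever given a usable load balancer address.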