-1

我是 AWS 新手。我正在尝试将我的 lambda 函数建立到 AWS Redshift,以便我可以查询数据库。我已将凭据存储在密钥管理器中。

我了解密钥管理器提供了一个示例代码来检索应用程序中的 sercet。但是,在我的 lambda 函数中复制代码后,我不知道如何开始。

处理程序.py

# Use this code snippet in your app.
# If you need more information about configurations or implementing the sample code, visit the AWS docs:   
# https://aws.amazon.com/developers/getting-started/python/

import boto3
import base64
from botocore.exceptions import ClientError


def get_secret():

    secret_name = "mykeyname"
    region_name = "myregionname"

    # Create a Secrets Manager client
    session = boto3.session.Session()
    client = session.client(
        service_name='secretsmanager',
        region_name=region_name
    )

    # In this sample we only handle the specific exceptions for the 'GetSecretValue' API.
    # See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
    # We rethrow the exception by default.

    try:
        get_secret_value_response = client.get_secret_value(
            SecretId=secret_name
        )
    except ClientError as e:
        if e.response['Error']['Code'] == 'DecryptionFailureException':
            # Secrets Manager can't decrypt the protected secret text using the provided KMS key.
            # Deal with the exception here, and/or rethrow at your discretion.
            raise e
        elif e.response['Error']['Code'] == 'InternalServiceErrorException':
            # An error occurred on the server side.
            # Deal with the exception here, and/or rethrow at your discretion.
            raise e
        elif e.response['Error']['Code'] == 'InvalidParameterException':
            # You provided an invalid value for a parameter.
            # Deal with the exception here, and/or rethrow at your discretion.
            raise e
        elif e.response['Error']['Code'] == 'InvalidRequestException':
            # You provided a parameter value that is not valid for the current state of the resource.
            # Deal with the exception here, and/or rethrow at your discretion.
            raise e
        elif e.response['Error']['Code'] == 'ResourceNotFoundException':
            # We can't find the resource that you asked for.
            # Deal with the exception here, and/or rethrow at your discretion.
            raise e
    else:
        # Decrypts secret using the associated KMS CMK.
        # Depending on whether the secret is a string or binary, one of these fields will be populated.
        if 'SecretString' in get_secret_value_response:
            secret = get_secret_value_response['SecretString']
        else:
            decoded_binary_secret = base64.b64decode(get_secret_value_response['SecretBinary'])
            
    # Your code goes here.

如何检查连接是否建立以及如何从红移查询?

而且我知道我们需要在代码中包含 lambda_handler(event,context) 。

4

1 回答 1

1

在 Amazon Redshift 中运行查询有两种方法。

SQL 客户端

Amazon Redshift 基于 PostgreSQL。因此,您可以使用任何知道如何与 PostgreSQL 对话的SQL 客户端。

对于 Python,一个流行的选择是使用Psycopg - Python 的 PostgreSQL 数据库适配器

要连接,您需要提供端点、用户名和密码。确保 Redshift 数据库上的安全组允许来自与 AWS Lambda 函数关联的安全组的访问。

红移数据 API

连接到 Redshift 的一种新方法是通过Data API,它避免了对 SQL 客户端的需求。

它使用 IAM 凭证,因此您实际上不需要将该密码存储在 Secrets Manager 中。此外,它不需要连接到与 Redshift 数据库相同的 VPC。

坦率地说,这听起来是一种更好的连接方式。(我自己还没试过。)

请参阅:宣布适用于 Amazon Redshift 的数据 API

于 2020-09-21T09:08:52.937 回答