【Posted】:2021-01-05 15:03:25
【Problem description】:
I have a Lambda in a VPC that needs to write to an SNS topic. I know I need an aws_vpc_endpoint to make this work.
However, my Lambda still times out when trying to write to SNS.
data "aws_vpc_endpoint_service" "sns" {
  service = "sns"
}

resource "aws_security_group" "sns_endpoint" {
  name   = "sns-endpoint"
  vpc_id = aws_default_vpc.default.id
}

resource "aws_vpc_endpoint" "sns_endpoint" {
  vpc_id              = aws_default_vpc.default.id
  vpc_endpoint_type   = "Interface"
  service_name        = data.aws_vpc_endpoint_service.sns.service_name
  security_group_ids  = [aws_security_group.sns_endpoint.id]
  private_dns_enabled = true
  subnet_ids = [
    data.aws_subnet.selected.id,
    aws_default_subnet.subnet_a.id,
    aws_default_subnet.subnet_b.id
  ]
  policy = <<EOF
{
  "Statement": [
    {
      "Sid": "SNS-full-access",
      "Principal": "*",
      "Action": "sns:*",
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
EOF
}

resource "aws_security_group" "my_func" {
  name   = "my-func"
  vpc_id = aws_default_vpc.default.id
  egress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_lambda_function" "my_func" {
  function_name = "my-func"
  role          = aws_iam_role.my_func.arn
  timeout       = 900
  memory_size   = 512
  vpc_config {
    subnet_ids         = [data.aws_subnet.selected.id]
    security_group_ids = [aws_security_group.my_func.id]
  }
}
DNS hostnames and DNS resolution are enabled for the VPC.
What am I missing?
【Discussion】:
- Please add the aws_security_group.sns_endpoint configuration to your question. Also, is DNS support enabled on the VPC?
- Can VPC flow logs help you determine where the SNS traffic is being dropped?
- @MarkB The security group is empty. DNS hostnames and resolution are enabled for the VPC.
Tags: amazon-web-services terraform amazon-sns amazon-vpc terraform-provider-aws
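The following is an added example, not the poster's configuration or an answer from the thread. It shows the security-group wiring an interface endpoint needs before a Lambda in the VPC can reach it: an interface endpoint's ENI only accepts traffic its security group admits, so an endpoint security group with no ingress rule silently drops the HTTPS connection and the Lambda call times out. The example keeps both security groups to least privilege (only TCP 443 between the two groups) and narrows the endpoint policy from `sns:*` for `*` to `sns:Publish` on one topic by one role. It assumes the poster's `aws_default_vpc.default`, `aws_default_subnet.subnet_a`/`subnet_b`, `data.aws_subnet.selected` and `aws_iam_role.my_func` are declared elsewhere, and it introduces a hypothetical `aws_sns_topic.my_topic` as the destination.

```hcl
# Added example (not the poster's code). Assumes aws_default_vpc.default,
# aws_default_subnet.subnet_a/subnet_b, data.aws_subnet.selected and
# aws_iam_role.my_func exist elsewhere; aws_sns_topic.my_topic is hypothetical.

data "aws_vpc_endpoint_service" "sns" {
  service = "sns"
}

resource "aws_sns_topic" "my_topic" {
  name = "my-topic" # hypothetical topic the Lambda publishes to
}

# Security groups are declared without inline rules so that each rule
# can reference the other group without a dependency cycle.
resource "aws_security_group" "my_func" {
  name   = "my-func"
  vpc_id = aws_default_vpc.default.id
}

resource "aws_security_group" "sns_endpoint" {
  name   = "sns-endpoint"
  vpc_id = aws_default_vpc.default.id
}

# The endpoint ENI must admit TCP 443 from the Lambda's security group.
# Without this rule the connection is dropped and the Lambda times out.
resource "aws_security_group_rule" "sns_endpoint_in_from_lambda" {
  type                     = "ingress"
  security_group_id        = aws_security_group.sns_endpoint.id
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.my_func.id
}

# Lambda egress limited to HTTPS towards the endpoint group only
# (for an egress rule, source_security_group_id is the destination group).
resource "aws_security_group_rule" "my_func_out_to_sns_endpoint" {
  type                     = "egress"
  security_group_id        = aws_security_group.my_func.id
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.sns_endpoint.id
}

resource "aws_vpc_endpoint" "sns_endpoint" {
  vpc_id              = aws_default_vpc.default.id
  vpc_endpoint_type   = "Interface"
  service_name        = data.aws_vpc_endpoint_service.sns.service_name
  security_group_ids  = [aws_security_group.sns_endpoint.id]
  private_dns_enabled = true # sns.<region>.amazonaws.com resolves to the ENI
  subnet_ids = [
    data.aws_subnet.selected.id, # must include the Lambda's subnet
    aws_default_subnet.subnet_a.id,
    aws_default_subnet.subnet_b.id
  ]

  # Endpoint policy scoped to one action, one topic and one principal
  # instead of sns:* for Principal "*" on Resource "*".
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "PublishToMyTopicOnly"
      Effect    = "Allow"
      Principal = { AWS = aws_iam_role.my_func.arn }
      Action    = ["sns:Publish"]
      Resource  = aws_sns_topic.my_topic.arn
    }]
  })
}

resource "aws_lambda_function" "my_func" {
  function_name = "my-func"
  role          = aws_iam_role.my_func.arn
  timeout       = 30 # a short timeout surfaces connectivity faults quickly
  memory_size   = 512
  vpc_config {
    subnet_ids         = [data.aws_subnet.selected.id]
    security_group_ids = [aws_security_group.my_func.id]
  }
}
```

The Lambda's execution role still needs its own IAM permission for `sns:Publish` on the topic; the endpoint policy only constrains what can pass through the endpoint. To check the wiring after `terraform apply`, VPC flow logs on the endpoint ENI show REJECT records on port 443 while the ingress rule is missing and ACCEPT once it is in place.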