2017-04-14 51 views
0

I have a VPC set up so that my Lambda functions can talk to my RDS server. That works. I also need my Lambda functions to be able to reach the Internet. To do that I tried setting up an Internet Gateway and a route that allows it. I failed. How do I give my VPC Internet access via CloudFormation?

The VPC, route table and gateway are created as follows:

"VPC": { 
    "Type": "AWS::EC2::VPC", 
    "Properties": { 
    "CidrBlock": "10.0.0.0/16", 
    "EnableDnsSupport": "true", 
    "EnableDnsHostnames": "true", 
    "InstanceTenancy": "default", 
    "Tags" : [{ "Key": "Name", "Value": { "Ref": "DomainName" } }] 
    } 
}, 

"VPCRouteTable" : { 
    "Type" : "AWS::EC2::RouteTable", 
    "Properties" : { 
     "VpcId" : { "Ref" : "VPC" }, 
     "Tags" : [{ "Key": "Name", "Value": { "Ref": "DomainName" } }] 
    } 
}, 

"InternetGateway" : { 
    "Type" : "AWS::EC2::InternetGateway", 
    "Properties" : { 
    "Tags" : [{ "Key": "Name", "Value": { "Ref": "DomainName" } }] 
    } 
}, 

"AttachGateway": { 
    "Type" : "AWS::EC2::VPCGatewayAttachment", 
    "Properties" : { 
     "VpcId" : { "Ref" : "VPC" }, 
     "InternetGatewayId" : { "Ref" : "InternetGateway" } 
    } 
}, 

"InternetRoute" : { 
    "Type" : "AWS::EC2::Route", 
    "DependsOn" : "AttachGateway", 
    "Properties" : { 
     "RouteTableId" : { "Ref" : "VPCRouteTable" }, 
     "DestinationCidrBlock" : "0.0.0.0/0", 
     "GatewayId" : { "Ref" : "InternetGateway" } 
    } 
}, 

I create the subnets and associate them with the route table:

"SubnetA": { 
    "Type": "AWS::EC2::Subnet", 
    "Properties": { 
    "VpcId": { "Ref": "VPC" }, 
    "CidrBlock": "10.0.0.0/24", 
    "AvailabilityZone": { "Fn::Select": [ "0", { "Fn::GetAZs": { "Ref": "AWS::Region" } }]}, 
    "Tags" : [{ "Key": "Name", "Value": { "Ref": "DomainName" } }] 
    } 
}, 

"SubnetB": { 
    "Type": "AWS::EC2::Subnet", 
    "Properties": { 
    "VpcId": { "Ref": "VPC" }, 
    "CidrBlock": "10.0.1.0/24", 
    "AvailabilityZone": { "Fn::Select": [ "1", { "Fn::GetAZs": { "Ref": "AWS::Region" } }]}, 
    "Tags" : [{ "Key": "Name", "Value": { "Ref": "DomainName" } }] 
    } 
}, 

"SubnetARouteTableAssociation" : { 
    "Type" : "AWS::EC2::SubnetRouteTableAssociation", 
    "Properties" : { 
     "SubnetId" : { "Ref" : "SubnetA" }, 
     "RouteTableId" : { "Ref" : "VPCRouteTable" } 
    } 
}, 

"SubnetBRouteTableAssociation" : { 
    "Type" : "AWS::EC2::SubnetRouteTableAssociation", 
    "Properties" : { 
     "SubnetId" : { "Ref" : "SubnetB" }, 
     "RouteTableId" : { "Ref" : "VPCRouteTable" } 
    } 
}, 

I have the database subnet group and security group:

"DBSubnetGroup": { 
    "Type": "AWS::RDS::DBSubnetGroup", 
    "Properties": { 
    "DBSubnetGroupDescription": "Database Access", 
    "SubnetIds" : [{ "Ref": "SubnetA" }, { "Ref": "SubnetB" }], 
    "Tags" : [{ "Key": "Name", "Value": { "Ref": "DomainName" } }] 
    } 
}, 

"DBEC2SecurityGroup": { 
    "Type": "AWS::EC2::SecurityGroup", 
    "Properties": { 
    "GroupDescription": "Security group for RDS DB Instance", 
    "VpcId": {"Ref": "VPC"}, 
    "SecurityGroupIngress" : [{ 
     "IpProtocol": "tcp", 
     "FromPort": "3306", 
     "ToPort": "3306", 
     "CidrIp": "10.0.0.0/16" 
    }], 
    "Tags" : [{ "Key": "Name", "Value": { "Ref": "DomainName" } }] 
    } 
}, 

and the Lambda security group:

"LambdaSecurityGroup": { 
    "Type": "AWS::EC2::SecurityGroup", 
    "Properties": { 
    "GroupDescription": "Security group for Lambda", 
    "VpcId": {"Ref": "VPC"}, 
    "Tags" : [{ "Key": "Name", "Value": { "Ref": "DomainName" } }] 
    } 
}, 

So, right now, my Lambdas can talk to the database just fine. But they cannot reach the Internet. What am I missing?

Answer

1

If your Lambda function needs access to both your VPC resources and the Internet, create 2 subnets: public and private. Put your Lambda in the private subnet and configure NAT in the public subnet.

http://docs.aws.amazon.com/lambda/latest/dg/vpc.html

Therefore, if your Lambda function requires Internet access (for example, to access AWS services that don't have VPC endpoints, such as Amazon Kinesis), you can configure a NAT instance inside your VPC or you can use the Amazon VPC NAT gateway. For more information, see NAT Gateways in the Amazon VPC User Guide.

+0

My understanding is that I don't need an expensive EC2 instance running NAT 24 hours a day. AWS made the Internet Gateway for that reason. I don't want to run an EC2 instance. – Justin808

+0

@Justin808 your understanding is incorrect. The Internet Gateway is only used by entities on a public subnet that also have an associated public IP address. To reach the Internet from any entity without a public IP address, including Lambda containers, you need either a NAT Gateway (which does not run on an EC2 instance) or a NAT instance (which of course is an EC2 instance). You can use a t2.nano as a perfectly good NAT instance for about $5/month. –
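The answer and the follow-up comment describe the layout that actually gives a VPC-attached Lambda function egress: a public subnet whose default route is the Internet Gateway, a NAT Gateway placed in that public subnet, and a private subnet whose default route is the NAT Gateway, with the Lambda function attached only to the private subnet. The following is an added example, not code from the original question or answer. It embeds a constructed CloudFormation fragment of that layout (all logical names such as PublicSubnet, NatGateway and LambdaFunction are assumptions, and non-routing Lambda properties like Code and Role are omitted) and then statically checks the template the way a reviewer would before deploying: every subnet a Lambda function uses must have a 0.0.0.0/0 route to a NAT Gateway, and every NAT Gateway must sit in a subnet whose 0.0.0.0/0 route is the IGW. `with_lambda_in` reproduces the question's layout (Lambda in IGW-routed subnets) so the failure mode can be seen in the same checker.

```python
"""Static routing check for a Lambda-in-VPC CloudFormation template.

Added example, not from the original post. TEMPLATE_JSON is a constructed
fragment of the layout the answer describes (public subnet -> IGW, NAT Gateway
in it, private subnet -> NAT, Lambda only in the private subnet); logical names
are assumptions and non-routing Lambda properties (Code, Role) are omitted.
"""
import copy
import json

TEMPLATE_JSON = r'''{"Resources": {
 "VPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16",
   "EnableDnsSupport": true, "EnableDnsHostnames": true}},
 "InternetGateway": {"Type": "AWS::EC2::InternetGateway"},
 "AttachGateway": {"Type": "AWS::EC2::VPCGatewayAttachment", "Properties": {
   "VpcId": {"Ref": "VPC"}, "InternetGatewayId": {"Ref": "InternetGateway"}}},
 "PublicSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
   "VpcId": {"Ref": "VPC"}, "CidrBlock": "10.0.0.0/24", "MapPublicIpOnLaunch": true}},
 "PrivateSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
   "VpcId": {"Ref": "VPC"}, "CidrBlock": "10.0.1.0/24"}},
 "PublicRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPC"}}},
 "PrivateRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPC"}}},
 "PublicDefaultRoute": {"Type": "AWS::EC2::Route", "DependsOn": "AttachGateway",
   "Properties": {"RouteTableId": {"Ref": "PublicRouteTable"},
   "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": {"Ref": "InternetGateway"}}},
 "NatEip": {"Type": "AWS::EC2::EIP", "DependsOn": "AttachGateway", "Properties": {"Domain": "vpc"}},
 "NatGateway": {"Type": "AWS::EC2::NatGateway", "Properties": {
   "AllocationId": {"Fn::GetAtt": ["NatEip", "AllocationId"]}, "SubnetId": {"Ref": "PublicSubnet"}}},
 "PrivateDefaultRoute": {"Type": "AWS::EC2::Route", "Properties": {
   "RouteTableId": {"Ref": "PrivateRouteTable"}, "DestinationCidrBlock": "0.0.0.0/0",
   "NatGatewayId": {"Ref": "NatGateway"}}},
 "PublicAssoc": {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
   "SubnetId": {"Ref": "PublicSubnet"}, "RouteTableId": {"Ref": "PublicRouteTable"}}},
 "PrivateAssoc": {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
   "SubnetId": {"Ref": "PrivateSubnet"}, "RouteTableId": {"Ref": "PrivateRouteTable"}}},
 "LambdaSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
   "GroupDescription": "Security group for Lambda", "VpcId": {"Ref": "VPC"}}},
 "LambdaFunction": {"Type": "AWS::Lambda::Function", "Properties": {"VpcConfig": {
   "SubnetIds": [{"Ref": "PrivateSubnet"}], "SecurityGroupIds": [{"Ref": "LambdaSecurityGroup"}]}}}
}}'''
TEMPLATE = json.loads(TEMPLATE_JSON)

def _ref(value):
    """Logical name behind {"Ref": "X"}; None for anything else."""
    return value.get("Ref") if isinstance(value, dict) else None

def _by_type(resources, rtype):
    return {n: r for n, r in resources.items() if r.get("Type") == rtype}

def default_route_targets(resources):
    """Route table name -> set of target kinds ('igw'/'nat'/'other') for 0.0.0.0/0."""
    targets = {}
    for route in _by_type(resources, "AWS::EC2::Route").values():
        p = route["Properties"]
        if p.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        kind = "nat" if "NatGatewayId" in p else "igw" if "GatewayId" in p else "other"
        targets.setdefault(_ref(p["RouteTableId"]), set()).add(kind)
    return targets

def subnet_tables(resources):
    """Subnet name -> route table name, from SubnetRouteTableAssociation resources."""
    return {_ref(a["Properties"]["SubnetId"]): _ref(a["Properties"]["RouteTableId"])
            for a in _by_type(resources, "AWS::EC2::SubnetRouteTableAssociation").values()}

def egress_kind(resources, subnet):
    """'nat', 'igw' or 'none': what the subnet's default route points at."""
    kinds = default_route_targets(resources).get(subnet_tables(resources).get(subnet), set())
    # An IGW default route only serves ENIs that own a public IP. Lambda ENIs
    # never do, so 'igw' means the function has no path to the Internet.
    return "nat" if "nat" in kinds else "igw" if "igw" in kinds else "none"

def lambda_egress_report(template):
    """{function name: {subnet name: egress kind}} for each Lambda function."""
    res = template["Resources"]
    return {name: {_ref(s): egress_kind(res, _ref(s))
                   for s in fn["Properties"].get("VpcConfig", {}).get("SubnetIds", [])}
            for name, fn in _by_type(res, "AWS::Lambda::Function").items()}

def nat_gateway_report(template):
    """{NAT gateway name: True if its subnet's default route is the IGW (i.e. public)}."""
    res = template["Resources"]
    return {name: egress_kind(res, _ref(ng["Properties"]["SubnetId"])) == "igw"
            for name, ng in _by_type(res, "AWS::EC2::NatGateway").items()}

def lambda_has_internet(template):
    """True only if every Lambda subnet is NAT-routed and every NAT sits in a public subnet."""
    subnets_ok = all(k == "nat" for per in lambda_egress_report(template).values()
                     for k in per.values())
    return subnets_ok and all(nat_gateway_report(template).values())

def with_lambda_in(template, subnet_names):
    """Copy of the template with every Lambda moved into subnet_names; used to
    reproduce the question's layout (Lambda in subnets whose default route is the IGW)."""
    t = copy.deepcopy(template)
    for fn in _by_type(t["Resources"], "AWS::Lambda::Function").values():
        fn["Properties"]["VpcConfig"]["SubnetIds"] = [{"Ref": s} for s in subnet_names]
    return t
```

Running `lambda_egress_report(TEMPLATE)` reports the private subnet as `nat` and `lambda_has_internet(TEMPLATE)` is true; `with_lambda_in(TEMPLATE, ["PublicSubnet"])` reproduces the question's situation and the same subnet is reported as `igw`, which the checker treats as no egress because a Lambda ENI has no public IP to use that route. The check is purely static, so it will not catch a NAT Gateway that was created but never became available, or a security group or network ACL that blocks outbound traffic; those still need to be verified in the account.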