can AWS Lambda connect to RDS mySQL database and u

2019-01-13 00:48发布

问题:

I am trying to connect AWS Lambda function to RDS mysql database.
I just wanted to update the database from my lambda function. Is it possible to access RDS by specifiying IAM Role and access Policy?.
I can connect to mysql databse using mysql client.but when i try on lambda i can't do that. here is my code.

console.log('Loading function');
var doc = require('dynamodb-doc');
var dynamo = new doc.DynamoDB();
var mysql = require('mysql');
exports.handler = function(event, context) {
    //console.log('Received event:', JSON.stringify(event, null, 2));  
    var operation = event.operation;
    delete event.operation;
    switch (operation) {
        case 'create':
            var conn = mysql.createConnection({
                host: 'lamdatest.********.rds.amazonaws.com', // RDS endpoint 
                user: 'user', // MySQL username 
                password: 'password', // MySQL password 
                database: 'rdslamda'
            });
            conn.connect();
            console.log("connecting...");
            conn.query('INSERT INTO login (name,password) VALUES("use6","password6")', function(err, info) {
                console.log("insert: " + info.msg + " /err: " + err);
            });
            console.log("insert values in to database");
            break;
        case 'read':
            dynamo.getItem(event, context.done());
            break;

        default:
            context.fail(new Error('Unrecognized operation "' + operation + '"'));

    }
    context.succeed();
};

回答1:

Yes. You can access a MySql RDS database from AWS Lambda.

You can use node-mysql library.

  • Link: https://github.com/felixge/node-mysql/

However, there is a big caveat that goes with it.

AWS Lambda does not (currently) have access to private subnets inside a VPC. So in order for AWS Lambda to access your RDS database, it must be publicly accessible, which could be a security risk for you.

Update (2015-10-30): AWS Lambda announced upcoming VPC support (as of re:Invent 2015), so this won't be an issue for much longer.

Update (2015-11-17): AWS Lambda still does not have VPC support.

Update (2016-02-11): AWS Lambda can now access VPC resources:

https://aws.amazon.com/blogs/aws/new-access-resources-in-a-vpc-from-your-lambda-functions/

To achieve this functionality, your Lambda function will actually execute inside your VPC in a subnet. Some caveats come with this functionality:

  • The VPC subnet needs enough free IP addresses to handle Lambda's scaling
  • If your Lambda function needs internet access, then it's designated VPC subnet will need an Internet Gateway or NAT


回答2:

Since Lambda uses Node.js, Java and Python as a backend programming/scripting language, you can definitely use it to connect to RDS. (Link)

Finally, This is the documentation on specifying IAM Roles when connecting to RDS. (See image below):



回答3:

try this tutorial: http://docs.aws.amazon.com/lambda/latest/dg/vpc-rds.html

In this tutorial, you do the following:

Launch an Amazon RDS MySQL database engine instance in your default Amazon VPC.

In the MySQL instance, you create a database (ExampleDB) with a sample table (Employee) in it.

Create a Lambda function to access the ExampleDB database, create a table (Employee), add a few records, and retrieve the records from the table.

Invoke the Lambda function manually and verify the query results.



回答4:

I just wanted to update the database from my lambda function. Is it possible to access RDS by specifiying IAM Role and access Policy?.

No you cannot. You need to provide DB url/username/password to connect. You may need to run Lambda in same VPC if it is in private subnet. See my pointers below.

I can connect to mysql databse using mysql client.but when i try on lambda i can't do that.

This is strict No , No! Your RDS should not be accessible from Internet unless you really need it. Try to run it in private subnet and configure other AWS services accordingly.

Two cents from my end if you are getting timeouts accessing resourced from Lambda-

  1. By default Lambda has internet access and can access online resources.
  2. Lambda cannot access services rurnning in private subnet of your VPC.
  3. To connect to services in private subnet you need to run the lambda is private subnet. For this you need to go to Network section and configure your VPC, subnets and security group.
  4. However note that when you do this you will loose Internet access. If you still need Internet access you will have to spin up a NAT gateway or NAT instance in public subnet and configure route from private subnet to this NAT.
  5. I faced this when I was trying to connect to RDS in private subnet from my lambda. Since I used KMS to encrypt some environment variables and decryption part requires Internet access I had to use a NAT gateway.

More details - http://docs.aws.amazon.com/lambda/latest/dg/vpc.html#vpc-internet

How to connect to postgres RDS from AWS Lambda

PS: Above links go to my personal blog that has additional relevant information.