Setting up a NAT gateway with VPC using Serverless framework

风格不统一 submitted on 2019-12-10 13:40:20

Question


I'm trying to use the serverless framework to create a Lambda function that can access an Elasticache cluster, as well as call out to the internet.

I've got as far as configuring serverless.yml to create the Lambda function, create the Elasticache cluster (memcached engine), and finally to create a VPC and place both the Lambda function and Elasticache cluster within it (otherwise, they cannot communicate).

I understand that things within a VPC do not have access to the internet, and from researching around the topic I've come to the conclusion that the best practice way of handling this is to create a NAT gateway for the VPC that will allow it external access.

I can see how to do this within the AWS Console, however I'd like to stick to defining this within serverless.yml to avoid any manual infrastructure setup.

  • Is it possible to create a NAT gateway within serverless.yml?
  • Is creating a NAT gateway the correct way of doing this? (Are there better options?)

Additional information

In getting to the point I'm currently at, I heavily copied from one of the serverless examples (it's a Java based example, but the concept and service definition is the same). It creates a Lambda function, an Elasticache cluster, and puts them in a VPC so they can communicate. I believe it has the same issue whereby the Lambda function cannot access the internet. https://github.com/mugglmenzel/serverless-examples-cached-rds-ws/blob/master/serverless.yml


Answer 1:


You have to configure a NAT instance or a managed NAT Gateway to provide internet access to your Lambdas inside the VPC. You may have to use the resource section of your serverless.yml file to create the NAT Gateway / NAT Instance resource.

Have a look at the resources section of the Serverless Framework documentation. These resources will be added to the CloudFormation stack upon `serverless deploy`.

You can overwrite/attach any kind of resource to your CloudFormation stack. You can add Resources, Outputs or even overwrite the Description. You can also use Serverless Variables for sensitive data or reusable configuration in your resources templates.

So you can add the CloudFormation template for a NAT Gateway inside the resources section.

For example:

resources:   # serverless.yml section merged into the generated CloudFormation stack
  Resources:
    # NAT Gateway placed in a public subnet (one whose route table has a
    # default route to an Internet Gateway). PublicSubnet and
    # PrivateRouteTable are referenced here but defined elsewhere in the stack.
    NatGateway:
      Type: AWS::EC2::NatGateway
      DependsOn: NatEIP
      Properties:
        AllocationId:
          Fn::GetAtt:
            - NatEIP
            - AllocationId
        SubnetId:
          Ref: PublicSubnet
    # Elastic IP used by the NAT Gateway; must be VPC-scoped
    NatEIP:
      Type: AWS::EC2::EIP
      Properties:
        Domain: vpc
    # Default route for the private subnet(s) the Lambda is attached to,
    # sending all non-VPC traffic through the NAT Gateway
    NatRoute:
      Type: AWS::EC2::Route
      DependsOn: NatGateway
      Properties:
        RouteTableId:
          Ref: PrivateRouteTable
        DestinationCidrBlock: 0.0.0.0/0
        NatGatewayId:
          Ref: NatGateway

Here is a link to a complete CloudFormation snippet of Lambda inside VPC.




Answer 2:


I created an example of Lambda with VPC, Elasticache and a NAT Gateway. You can check it at https://github.com/ittus/aws-lambda-vpc-nat-examples



Source: https://stackoverflow.com/questions/45751946/setting-up-a-nat-gateway-with-vpc-using-serverless-framework
