Connecting to DocumentDB from AWS Lambda using Python

Posted by 魔方 西西 on 2020-12-12 09:44:20

Question


I am trying to connect to DocumentDB from a Lambda function.

I have configured my DocumentDB as per this tutorial and can access it through the cloud9 command prompt.

The documentDB cluster is part of two security groups. The first security group is called demoDocDB and the second is called default and is the VPC default security group.

The inbound rules for demoDocDB forward requests from the cloud9 instance to port 27017 where my documentDB database is running.

The inbound rules for the default security group specify all traffic, all port ranges and a source of itself. The VPC ID is the default VPC setup.

In lambda when editing the VPC details, I have inputted:

  1. VPC - The default VPC
  2. Subnets - Chosen all 3 subnets available
  3. Security Groups - The default security group for VPC

The function has worked twice in writing to the database; the rest of the time it has timed out. The timeout on the Lambda function is 2 minutes, but before reaching that it will throw a timeout error.

[ERROR] ServerSelectionTimeoutError: MY_DATABASE_URL:27017: [Errno -2] Name or service not known

The snippet of code below is what is trying to be executed. The function will never reach the print("INSERTED DATA"); it times out during the insert statement.

import pymongo

def getDBConnection():
    client = pymongo.MongoClient(***MY_URL***)

    ##Specify the database to be used
    db = client.test
    print("GOT CONNECTION",db)

    ##Specify the collection to be used
    col = db.myTestCollection
    print("GOT COL",col)

    ##Insert a single document
    col.insert_one({'hello':'Amazon DocumentDB'})
    print("INSERTED DATA")

    ##Find the document that was previously written
    x = col.find_one({'hello':'Amazon DocumentDB'})

    ##Print the result to the screen
    print("RETRIEVED DATA",x)

    ##Close the connection
    client.close()

I have tried changing the version of pymongo as this thread suggested; however, it did not help.


Answer 1:


  1. Make sure your Lambda function is not in the public subnet, otherwise, it will not work. So, that means you need to go back to the Lambda console and remove the public subnet from the VPC editable section.

  2. Make sure you have a Security group specifically for your Lambda Function as follows:

Lambda Security Group Outbound Rule:

Type            Protocol      Port Range       Destination
All Traffic     All           All              0.0.0.0/0

You can also restrict this to HTTP/HTTPS on Ports 80/443 if you'd like.

  3. Check the Security Group of your DocumentDB Cluster to see if it is set up with an inbound rule as follows:

Type            Protocol      Port Range       Source
Custom TCP      TCP           27017            Lambda Security Group

  4. Your Lambda Function needs to have the correct permissions, those are:
    1. Managed policy AWSLambdaBasicExecutionRole
    2. Managed policy AWSLambdaVPCAccessExecutionRole

After doing this your VPC section should look something like this:

  1. VPC - The default VPC
  2. Subnets - Chosen 2 subnets (Both Private)
  3. Security Group for your Lambda function. Not the default security group

And that should do it for you. Let me know if it does not work though and I'll try and help you troubleshoot.
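
A way to check the two security-group rules described in the answer above, as an added example that is not part of the original answer. It reads rule sets in the shape that boto3's `describe_security_groups` returns; the group IDs and sample rules are constructed, and the function names are hypothetical.

```python
# Added example: offline audit of security-group rules shaped like the output of
# boto3 ec2.describe_security_groups(). Group IDs and rules are constructed.
DOCDB_PORT = 27017

def _covers_port(perm, port):
    """True if a rule entry covers TCP `port`; IpProtocol "-1" means all traffic."""
    if perm["IpProtocol"] == "-1":
        return True
    return (perm["IpProtocol"] == "tcp"
            and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))

def check_docdb_ingress(docdb_sg, lambda_sg_id, port=DOCDB_PORT):
    """Return (allowed_by_group, findings) for the cluster group's inbound rules."""
    allowed_by_group, findings = False, []
    for perm in docdb_sg.get("IpPermissions", []):
        if not _covers_port(perm, port):
            continue
        if any(p["GroupId"] == lambda_sg_id for p in perm.get("UserIdGroupPairs", [])):
            allowed_by_group = True
        if any(r["CidrIp"] == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
            findings.append(f"port {port} open to 0.0.0.0/0")
    if not allowed_by_group:
        findings.append(f"no inbound rule for TCP {port} from group {lambda_sg_id}")
    return allowed_by_group, findings

def check_lambda_egress(lambda_sg, docdb_sg_id, port=DOCDB_PORT):
    """True if the Lambda group's outbound rules let it open TCP `port`.

    Recognises only all-destination rules and rules that reference the cluster's
    group; narrower CIDR destinations are not evaluated here.
    """
    for perm in lambda_sg.get("IpPermissionsEgress", []):
        if not _covers_port(perm, port):
            continue
        if any(r["CidrIp"] == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
            return True
        if any(p["GroupId"] == docdb_sg_id for p in perm.get("UserIdGroupPairs", [])):
            return True
    return False

# Constructed sample matching the two rule tables in the answer.
LAMBDA_SG = {"GroupId": "sg-lambda-example", "IpPermissionsEgress": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}
DOCDB_SG = {"GroupId": "sg-docdb-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017, "IpRanges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-lambda-example"}]}]}

if __name__ == "__main__":
    print(check_docdb_ingress(DOCDB_SG, LAMBDA_SG["GroupId"]))
    print(check_lambda_egress(LAMBDA_SG, DOCDB_SG["GroupId"]))
```

An outbound rule limited to ports 80/443 does not cover 27017, so `check_lambda_egress` returns `False` for a group that has only those rules.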



Source: https://stackoverflow.com/questions/65222660/connecting-to-documentdb-from-aws-lambda-using-python
