Hello.
Question 1 - Is the outbound SQS traffic from my Lambda function able to reach the public SQS service because the traffic is flowing into my private subnet, then to the public subnet NAT router (allowed due to the 0.0.0.0/0 rule on the function SG), hitting the SQS public API endpoint, and returning the same way? That is the only thing I can think of that allows this to work.
Yes, with NAT Gateway, you can access SQS from Lambda without having to set up a VPC endpoint.
It is also mentioned in the documentation below.
https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html#vpc-internet
Question 2 - My Lambda function can publish messages to MSK. I assume that is because this outbound traffic flows to the private subnet and the MSK brokers are already running in that same subnet so the routing to those brokers seems obvious being all within the same subnet already.
I think it's a private connection if it's within the same VPC.
https://docs.aws.amazon.com/msk/latest/developerguide/client-access.html
Question 3 - If question 1 is yes, I may want to eliminate that hop through the public internet for the SQS send message traffic. To do that, I believe I would need to do the following:
Yes, by creating a VPC endpoint, you can access SQS privately without going through NAT Gateway.
Also, I think you can connect using the settings you described.
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-sending-messages-from-vpc.html#create-vpc-endpoint-for-sqs
Question 4 - If I do #3, do I need to configure my SQS client (I am using the Go SDK) with one of the alternate endpoint DNS names that are created when you create a VPC endpoint, or does it somehow automatically resolve to the VPC endpoint when the traffic originates from within AWS?
As far as I can see here, it seems that you need to set endpoint_url.
https://github.com/boto/boto3/issues/1900
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/core/session.html
import boto3

session = boto3.Session()
# Pass the endpoint explicitly instead of letting the SDK pick the default one
sqs_client = session.client(
    service_name='sqs',
    endpoint_url='https://sqs.ap-northeast-1.amazonaws.com',
)
# Messages are then sent through the client bound to that endpoint
sqs_client.send_message(...)
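As an added example (not from the original thread), the VPC endpoint setup behind question 3 expressed in Terraform: an SQS interface endpoint in the function's private subnets, a security group that only admits the Lambda function's own security group on 443, and an endpoint policy limited to SendMessage on one queue. All IDs and the queue ARN are placeholders; the region matches the ap-northeast-1 endpoint used in the answer above.

```hcl
# Placeholder inputs; replace with the real VPC, subnets, Lambda SG and queue.
variable "vpc_id"             { default = "vpc-PLACEHOLDER" }
variable "private_subnet_ids" { default = ["subnet-PLACEHOLDER-a", "subnet-PLACEHOLDER-b"] }
variable "lambda_sg_id"       { default = "sg-PLACEHOLDER-lambda" }
variable "queue_arn"          { default = "arn:aws:sqs:ap-northeast-1:123456789012:PLACEHOLDER-queue" }

# Endpoint security group: only the function's security group may reach it on 443.
resource "aws_security_group" "sqs_endpoint" {
  name   = "sqs-endpoint-sg"
  vpc_id = var.vpc_id

  ingress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [var.lambda_sg_id]
  }
}

# Interface endpoint for SQS placed in the same private subnets as the function,
# so SendMessage traffic never leaves the VPC via the NAT gateway.
resource "aws_vpc_endpoint" "sqs" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.ap-northeast-1.sqs"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.private_subnet_ids
  security_group_ids  = [aws_security_group.sqs_endpoint.id]
  # With private DNS enabled, sqs.ap-northeast-1.amazonaws.com resolves to the
  # endpoint's private IPs from inside the VPC; without it, clients must be
  # pointed at the endpoint-specific DNS name.
  private_dns_enabled = true

  # Endpoint policy: least privilege, only SendMessage to the one queue.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = "*"
      Action    = ["sqs:SendMessage"]
      Resource  = var.queue_arn
    }]
  })
}
```

After applying this, a VPC flow log on the function's ENI should show 443 traffic to the endpoint's private addresses rather than to the NAT gateway, which is a simple way to verify the hop through the public internet is gone.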
Thank you very much for your timely answers. Much appreciate the doc links and configuration on my thinking here.