Hello.
Question 1 - Is the outbound SQS traffic from my Lambda function able to reach the public SQS service because the traffic is flowing into my private subnet, then to the public subnet NAT router (allowed due to the 0.0.0.0/0 rule on the function SG), hitting the SQS public API endpoint, and returning the same way? That is the only thing I can think of that allows this to work.
Yes, with NAT Gateway, you can access SQS from Lambda without having to set up a VPC endpoint.
It is also mentioned in the documentation below.
https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html#vpc-internet
Question 2 - My Lambda function can publish messages to MSK. I assume that is because this outbound traffic flows to the private subnet and the MSK brokers are already running in that same subnet, so the routing to those brokers seems obvious, since it is all within the same subnet already.
I think it's a private connection if it's within the same VPC.
https://docs.aws.amazon.com/msk/latest/developerguide/client-access.html
Question 3 - If question 1 is yes, I may want to eliminate that hop through the public internet for the SQS send message traffic. To do that, I believe I would need to do the following:
Yes, by creating a VPC endpoint, you can access SQS privately without going through NAT Gateway.
Also, I think you can connect using the settings you described.
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-sending-messages-from-vpc.html#create-vpc-endpoint-for-sqs
Question 4 - If I do #3, do I need to configure my SQS client (I am using the Go SDK) with one of the alternate endpoint DNS names that are created when you create a VPC endpoint, or does it somehow automatically resolve to the VPC endpoint when the traffic originates from within AWS?
As far as I can see here, it seems that you need to set endpoint_url.
https://github.com/boto/boto3/issues/1900
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/core/session.html
import boto3

session = boto3.Session()
sqs_client = session.client(
    service_name='sqs',
    # Regional SQS endpoint; with private DNS enabled on the VPC endpoint this name resolves to the endpoint's private IPs
    endpoint_url='https://sqs.ap-northeast-1.amazonaws.com',
)
sqs_client.send_message(
    QueueUrl='https://sqs.ap-northeast-1.amazonaws.com/123456789012/example-queue',  # placeholder queue URL
    MessageBody='hello',
)
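The asker uses the Go SDK, and the practical follow-up to Question 4 is verifying which path the SQS traffic actually takes once the VPC endpoint exists. The check below is an added example, not code from this thread or from AWS: run from inside the function's subnet, it resolves the regional SQS hostname and reports whether the VPC resolver answers with private addresses (the interface endpoint's ENIs, meaning private DNS on the endpoint is active) or public ones (traffic still leaves through the NAT gateway). The private ranges, the default region and the verdict labels are assumptions of this example.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"os"
	"time"
)

// Assumed ranges: RFC 1918 space plus the link-local range. Interface endpoint
// ENIs take addresses from the VPC CIDR, so a regional SQS name that resolves
// entirely into these ranges is being answered by the endpoint's private DNS.
var privateNets = mustParseCIDRs("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")

func mustParseCIDRs(cidrs ...string) []*net.IPNet {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		nets = append(nets, n)
	}
	return nets
}

// sqsEndpointHost builds the regional SQS API hostname for region.
func sqsEndpointHost(region string) string {
	return fmt.Sprintf("sqs.%s.amazonaws.com", region)
}

// isPrivateIP reports whether ip lies in one of privateNets.
func isPrivateIP(ip net.IP) bool {
	for _, n := range privateNets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// classifyAddrs summarises where a resolved hostname points:
//   "vpc-endpoint" - every address is private (endpoint private DNS is active)
//   "public"       - every address is public (traffic leaves via the NAT gateway)
//   "mixed"        - both kinds (partially propagated or misconfigured DNS)
//   "unresolved"   - no addresses at all
func classifyAddrs(addrs []net.IP) string {
	if len(addrs) == 0 {
		return "unresolved"
	}
	private, public := 0, 0
	for _, ip := range addrs {
		if isPrivateIP(ip) {
			private++
		} else {
			public++
		}
	}
	switch {
	case public == 0:
		return "vpc-endpoint"
	case private == 0:
		return "public"
	default:
		return "mixed"
	}
}

// checkSQSPath resolves the regional SQS hostname and classifies the answer.
// Run it from the Lambda function's subnet (or an instance in it) so the VPC's
// own resolver answers the query; from a laptop it will always report "public".
func checkSQSPath(ctx context.Context, region string) (string, []net.IP, error) {
	host := sqsEndpointHost(region)
	addrs, err := net.DefaultResolver.LookupIPAddr(ctx, host)
	if err != nil {
		return "unresolved", nil, fmt.Errorf("resolve %s: %w", host, err)
	}
	ips := make([]net.IP, 0, len(addrs))
	for _, a := range addrs {
		ips = append(ips, a.IP)
	}
	return classifyAddrs(ips), ips, nil
}

func main() {
	region := os.Getenv("AWS_REGION") // assumption: set in the Lambda runtime and most shells
	if region == "" {
		region = "us-east-1" // constructed default for running this outside AWS
	}
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	verdict, ips, err := checkSQSPath(ctx, region)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("%s -> %v: %s\n", sqsEndpointHost(region), ips, verdict)
}
```

If the check reports "vpc-endpoint", the Go client needs no special endpoint setting: the default regional hostname already resolves to the endpoint. If it reports "public" (private DNS disabled on the endpoint, or the function's subnet not associated with it), either enable private DNS on the endpoint or point the client at the endpoint-specific DNS name shown in the VPC console; in recent aws-sdk-go-v2 releases that is the `BaseEndpoint` field on `sqs.Options`, the Go counterpart of boto3's `endpoint_url` above.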
Thank you very much for your timely answers. Much appreciate the doc links and configuration on my thinking here.