我有一个lambda函数,它通过ssh连接在ec2实例中。 lambda函数和实例都在同一个VPC中。 Lambda函数具有管理员访问权限(完全访问权限)的IAM角色。 当我执行该函数时,我得到“错误:等待握手时超时”。
我想我需要在实例中设置安全组以允许端口22中的连接。但是对于哪些IP? 我是否需要配置其他内容以允许ssh连接?
I have a lambda function that connects in an ec2 instance by ssh. Both lambda function and instance are in the same VPC. Lambda function has IAM Role with Administrator Access (full access). When I execute the function, I get "Error: Timed out while waiting for handshake".
I think I need to set security group in the instance to allow connections in port 22. But for which IPs? Do I need to configure something else to allow the ssh connection?
最满意答案
是的,您需要打开端口22,但不能打开特定的IP地址。 您应该为Lambda函数分配一个安全组,让我们调用“SG-A”。 现在进入分配给EC2实例的安全组(让我们称之为“SG-B”)并为端口22创建新的入站规则,并且当源使用SG-A的ID时,您分配给Lambda的组功能。 该ID看起来像“sg-xxxxxxxxx”。 现在属于SG-A的任何东西都可以访问属于SG-B的任何东西的端口22。
顺便说一句,IAM角色无关紧要。
Yes you need to open port 22, but not to specific IP addresses. You should have assigned a Security Group to your Lambda function, lets call that "SG-A". Now go into the Security Group assigned to the EC2 instance (let's call this "SG-B") and create a new inbound rule for port 22, and as the source use the ID of SG-A, the group you assigned to your Lambda function. The ID will look something like "sg-xxxxxxxxx". Now anything belonging to SG-A can access port 22 on anything belonging to SG-B.
The IAM Role is irrelevant by the way.
更多推荐
发布评论