"Client network socket disconnected before secure TLS connection was established" when accessing AWS SQS from Lambda

Problem description

I have a CloudWatch Events rule that periodically invokes an AWS Lambda. This Lambda tries to pull messages from an AWS SQS queue using the receiveMessage SDK method. Then, if there are messages, it calls an AWS Step Function. This process works when invoked locally. However, when CloudWatch triggers it, I get the error Client network socket disconnected before secure TLS connection was established. See the code below:

const AWS = require('aws-sdk')

// Lambda handler. Declared async so the runtime waits for the SQS request to
// finish; returning from inside the receiveMessage callback (as the original
// did) discards both the error and the data.
module.exports.triggerStepFunction = async () => {
  let sqs = new AWS.SQS({apiVersion: '2012-11-05'})

  let params = {
    QueueUrl: 'my_endpoint',
    AttributeNames: [
      'All'
    ],
    MessageAttributeNames: [
      'All'
    ],
    MaxNumberOfMessages: 1,
    ReceiveRequestAttemptId: Date.now().toString(),
    VisibilityTimeout: 10,
    WaitTimeSeconds: 6
  }
  // .promise() turns the SDK v2 request into a promise that can be awaited;
  // an SDK error rejects and surfaces as a Lambda invocation error.
  const receiveMessageData = await sqs.receiveMessage(params).promise()
  return receiveMessageData
}

What is happening, and how do I fix it?

Tags: aws-lambda, amazon-sqs, amazon-cloudwatch, aws-step-functions

Solution


It looks like the solution was to create a new IAM role with the appropriate permissions and attach it to the lambda. I am using Serverless, so I added the following to my serverless.yml file and attached it to the lambda:

resources:
  Resources:
    SQSLambdaRole:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action:
            - sts:AssumeRole
        Path: '/'
        Policies:
        - PolicyName: logs
          PolicyDocument:
            Statement:
            - Effect: Allow
              Action:
              - logs:CreateLogGroup
              - logs:CreateLogStream
              - logs:PutLogEvents
              Resource: arn:aws:logs:*:*:*
        - PolicyName: sqs
          PolicyDocument:
            Statement:
            - Effect: Allow
              Action:
              - sqs:ReceiveMessage
              - sqs:SendMessage
              - sqs:DeleteMessage
              Resource: <MY_SQS_RESOURCE_ARN>
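As an added example (not code from the question or the answer above), here is a handler that awaits the SQS round trip before returning, starts the Step Function only when a message actually arrived, and deletes the message only after the execution was accepted, which is what the role's sqs:ReceiveMessage and sqs:DeleteMessage grants are for. The queue URL, state machine ARN, handler name and stub clients are assumptions, and starting an execution additionally requires states:StartExecution on the state machine, which the policy above does not list.

```javascript
// Placeholder values; the real queue URL and state machine ARN come from the deployment.
const QUEUE_URL = 'https://sqs.us-east-1.amazonaws.com/123456789012/my-queue';
const STATE_MACHINE_ARN = 'arn:aws:states:us-east-1:123456789012:stateMachine:my-sm';

// Core logic with the SDK clients injected, so it can run offline against stubs.
async function triggerStepFunction(sqs, stepfunctions) {
  const params = {
    QueueUrl: QUEUE_URL,
    MaxNumberOfMessages: 1,
    VisibilityTimeout: 10,
    WaitTimeSeconds: 6,
  };
  // .promise() makes the handler wait for the whole HTTPS round trip instead of
  // returning while the TLS handshake is still in flight.
  const data = await sqs.receiveMessage(params).promise();
  const messages = data.Messages || [];
  if (messages.length === 0) {
    return { started: false };
  }
  const msg = messages[0];
  const exec = await stepfunctions
    .startExecution({ stateMachineArn: STATE_MACHINE_ARN, input: msg.Body })
    .promise();
  // Delete only after the execution was accepted; on failure the message stays in
  // the queue and becomes visible again after VisibilityTimeout.
  await sqs.deleteMessage({ QueueUrl: QUEUE_URL, ReceiptHandle: msg.ReceiptHandle }).promise();
  return { started: true, executionArn: exec.executionArn };
}

// Lambda entry point (hypothetical name); requires the SDK lazily so the offline
// stub run below does not need aws-sdk installed.
const handler = async () => {
  const AWS = require('aws-sdk');
  return triggerStepFunction(new AWS.SQS({ apiVersion: '2012-11-05' }), new AWS.StepFunctions());
};

// Constructed stub clients mimicking the SDK v2 request.promise() shape.
function fakeClients(messages) {
  const deleted = [];
  const sqs = {
    receiveMessage: () => ({ promise: async () => ({ Messages: messages }) }),
    deleteMessage: (p) => ({ promise: async () => { deleted.push(p.ReceiptHandle); return {}; } }),
  };
  const stepfunctions = {
    startExecution: (p) => ({ promise: async () => ({ executionArn: p.stateMachineArn + ':exec-1' }) }),
  };
  return { sqs, stepfunctions, deleted };
}
```

Point `handler` at the exported Lambda function in serverless.yml to use the real clients; the stubs exist only to exercise the empty-queue and one-message paths without network access.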
