AWS lambda RDS代理网络错误PostgreSQL无用Server V2
我正在使用lambda函数在RDS无服务器V2群集实例中查询数据。 一切都在VPC中。 Lambda位于E1A,E1B,E1C中,RDS实例位于E1A中。
我将python 3.9与sqlalchemy一起使用,驾驶员使用PG8000。
我可以使用以下代码连接到群集作者端点,而不会出现问题:
from sqlalchemy import create_engine
from sqlalchemy.ext.automap import automap_base
from sqlalchemy.orm import sessionmaker
from sqlalchemy.engine.url import URL
from sqlalchemy.orm import Session
from sqlalchemy import insert, func
import boto3
client = boto3.client('rds')
DATABASE_PASSWORD = client.generate_db_auth_token(DBHostname = 'rds-cluster-writer-endpoint', Port = DATABASE_PORT, DBUsername = DATABASE_USERNAME, Region = None)
DATABASE_CONNECTION_URL = URL.create(
drivername = 'postgresql+pg8000',
username = DATABASE_USERNAME,
password = DATABASE_PASSWORD,
host = 'rds-cluster-writer-endpoint',
port = DATABASE_PORT,
database = DATABASE_SCHEMA
)
engine = create_engine(DATABASE_CONNECTION_URL, connect_args={'ssl_context': True})
print(engine.execute("select * from wtf_aws;"))
但是如果可能的话,我想使用RDS代理。
设置RDS代理后,我修改了上述主机参数以改用代理端点。我还为代理启用了IAM auth。
旁注:我注意到一些奇怪的行为,如果您将IAM auth设置为启用RDS代理,则该连接似乎失败了,如果您不这样代码>密码值。这是为什么?在秘密中,我将用户名设置为我在RDS实例中创建的用户名的用户名,并为此创建了与类似策略的IAM策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds-db:connect"
],
"Resource": [
"xxx"
]
}
]
}
我将密码设置为随机的内容。如果我们使用IAM auth,为什么我们还必须有一个秘密?为什么秘密需要包含用户名 /密码值?
好吧,回到主要问题。因此,一旦我将这些东西放置在适当的位置,而Python代码指向代理主机而不是集群作者主机,我会在日志中获得以下错误:
errorMessage": "(pg8000.exceptions.InterfaceError) network error\n[SQL: select pg_catalog.version()]\n(Background on this error at: https://sqlalche.me/e/14/rvf5)
有人知道如何解决此问题吗?我真的很想使用RDS代理!
I am using a lambda function to query data in an RDS serverless v2 cluster instance.
Everything is in a VPC. The lambda sits in e1a, e1b, e1c, and the rds instance sits in e1a.
I'm using Python 3.9 with SQLAlchemy, and PG8000 for the driver.
I can connect to the cluster writer endpoint without issue using the following code:
from sqlalchemy import create_engine
from sqlalchemy.ext.automap import automap_base
from sqlalchemy.orm import sessionmaker
from sqlalchemy.engine.url import URL
from sqlalchemy.orm import Session
from sqlalchemy import insert, func
import boto3
client = boto3.client('rds')
DATABASE_PASSWORD = client.generate_db_auth_token(DBHostname = 'rds-cluster-writer-endpoint', Port = DATABASE_PORT, DBUsername = DATABASE_USERNAME, Region = None)
DATABASE_CONNECTION_URL = URL.create(
drivername = 'postgresql+pg8000',
username = DATABASE_USERNAME,
password = DATABASE_PASSWORD,
host = 'rds-cluster-writer-endpoint',
port = DATABASE_PORT,
database = DATABASE_SCHEMA
)
engine = create_engine(DATABASE_CONNECTION_URL, connect_args={'ssl_context': True})
print(engine.execute("select * from wtf_aws;"))
But I would like to use an RDS proxy if possible.
After setting up an RDS proxy, I modified the above host parameters to use the proxy endpoint instead. I enabled IAM auth as well for the proxy.
Side note: I noticed some weird behavior where if you set IAM auth to enabled for the RDS proxy, the connection seems to fail if you don't 1) have a secret 2) containing a username and password value. Why is that? Within the secret I set the username to that of the username that I created in the RDS instance and for which I created an IAM policy for that uses a policy similar to:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds-db:connect"
],
"Resource": [
"xxx"
]
}
]
}
and I set the password to something random. If we are using IAM auth, why do we also have to have a secret? And why does the secret need to contain a username / password value?
Okay, back to the main question. So once I have these things in place, and the python code pointing to the proxy host instead of the cluster writer host, I get the following error in logs:
errorMessage": "(pg8000.exceptions.InterfaceError) network error\n[SQL: select pg_catalog.version()]\n(Background on this error at: https://sqlalche.me/e/14/rvf5)
Anyone know how to solve this issue? I would really like to use RDS proxy!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论