aldy120 / s3-note

Note for Amazon S3

Lambda access EFS #46

Open aldy120 opened 1 year ago

aldy120 commented 1 year ago

6 seconds after

Calling the invoke API action failed with this message: The function couldn't connect to the Amazon EFS file system with access point arn:aws:elasticfilesystem:eu-west-1:325227931631:access-point/fsap-017ba2ccf7291ed80. Check your network configuration and try again.

Solution: Check security groups in Lambda and EFS access point.

aldy120 commented 1 year ago

Error message: "errorType": "Error", "errorMessage": "Directory import '/mnt/efs/node/node_modules/puppeteer' is not supported resolving ES modules imported from /var/task/index.mjs\nDid you mean to import /mnt/efs/node/node_modules/puppeteer/lib/cjs/puppeteer/puppeteer.js?", "code": "ERR_UNSUPPORTED_DIR_IMPORT", "url": "file:///mnt/efs/node/node_modules/puppeteer",

In puppeteer package.json,

  "main": "./lib/cjs/puppeteer/puppeteer.js",

Solution: Change the import path to

import puppeteer from '/mnt/efs/node/node_modules/puppeteer/lib/cjs/puppeteer/puppeteer.js';

aldy120 commented 1 year ago

It seems the Lambda function does not need EFS permissions attached. It can access EFS directly through the VPC.

aldy120 commented 1 year ago

Calling the invoke API action failed with this message: The function couldn't mount the Amazon EFS file system with access point arn:aws:elasticfilesystem:eu-west-1:325227931631:access-point/fsap-0d4dd118834e41c37.

Solution: Use 1000/1000/777 Root Creation Permissions when creating an access point.

aldy120 commented 1 year ago

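An EFS access point silently changes the User/Group on all NFS requests. For example, even if a file is created as root, it will appear to have been created by the POSIX user configured on the access point. You can also set a custom Root directory; the mounting side cannot see which directory in EFS it is actually under.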

aldy120 commented 1 year ago

It is best to choose a new, previously unused path when creating an access point.

If the access point's root directory already exists before mount time, the existing permissions aren't overwritten by the access point. https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html#create-root-directory-access-point

aldy120 commented 1 year ago

Use the id command to list the current UID/GID.
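
An added example, not part of the original notes: standard POSIX owner/group/other evaluation for the identity an access point enforces, showing why a root directory that already existed can leave that identity without write access while one created with 1000/1000/777 does not. The user 1000:1000, the three sample directories and the helper names are constructed assumptions.

```javascript
// Added example, not from the original notes. POSIX owner/group/other check
// for the identity an EFS access point enforces on every NFS request.

// Returns the rwx bits that apply to `user` on a directory described by `stat`.
// user: { uid, gid, groups? }   stat: { uid, gid, mode } (mode is a number)
// Assumes a non-root enforced user; uid 0 would bypass these bits.
function effectiveAccess(user, stat) {
  let bits;
  if (user.uid === stat.uid) {
    bits = (stat.mode >> 6) & 7; // owner class
  } else if (user.gid === stat.gid || (user.groups || []).includes(stat.gid)) {
    bits = (stat.mode >> 3) & 7; // group class
  } else {
    bits = stat.mode & 7; // other class
  }
  return { read: !!(bits & 4), write: !!(bits & 2), traverse: !!(bits & 1) };
}

// Constructed identity and directories (assumptions for illustration).
const accessPointUser = { uid: 1000, gid: 1000 };
const CASES = {
  // New path, created by the access point with 1000/1000/777.
  createdByAccessPoint: { uid: 1000, gid: 1000, mode: 0o777 },
  // Path that already existed, created earlier as root with mode 755.
  preexistingRootOwned: { uid: 0, gid: 0, mode: 0o755 },
  // Path that already existed, owned by a different application user.
  preexistingOtherApp: { uid: 1001, gid: 1001, mode: 0o750 },
};

// Live variant for a mount client: compares the current process identity
// (what `id` prints) with the owner and mode of the mounted directory.
async function checkMountedPath(path = '/mnt/efs') {
  const { statSync } = await import('node:fs');
  const st = statSync(path);
  const me = { uid: process.getuid(), gid: process.getgid(), groups: process.getgroups() };
  return {
    me,
    owner: { uid: st.uid, gid: st.gid },
    mode: (st.mode & 0o777).toString(8),
    access: effectiveAccess(me, st),
  };
}

for (const [name, stat] of Object.entries(CASES)) {
  console.log(name, effectiveAccess(accessPointUser, stat));
}
```

Mode 777 lets every identity that can reach the file system write to that directory, so a tighter mode with a matching owner UID/GID gives the enforced user the same access with less exposure.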

aldy120 commented 1 year ago

https://repost.aws/knowledge-center/lambda-invoke-efs

aldy120 commented 1 year ago

Tests of various access point permissions: https://docs.google.com/spreadsheets/d/1CAxzIwxKayf9tJjgoWnbDTQmTAhq2D9loH7C653jJ-0/edit#gid=0