LLC Notes
Project Gld2-Zluhs
The idea was easy-peasy.
```
┌────────────────┐      ┌────────────────┐             ┌────────────────┐
│    Route53     │─────▶│   CloudFront   │──────┬─────▶│       S3       │  /
└────────────────┘      └────────────────┘      │      └────────────────┘
                                                │
                                                │
                                                │      ┌────────────────┐
                                                └─────▶│     Lambda     │  /api, /rpc
                                                       └────────────────┘
```
API Gateway
I did not know that you did not need an API Gateway wrapper. APIG is convoluted as fuck. Also, the timeout for any Lambda or backend it proxies is 30s by default and 60s at most. You can ask AWS to raise this limit. It’s a PITA for simple use-cases and I wondered if I could just invoke the Lambda directly…
You can in CloudFront
You assign a Lambda a Function URL, lop off the https:// part, and can paste that into the “Origin” field even if it doesn’t show up in a list of targets (like S3, API-G)!
The issue is that, while you can set a timeout of 15 minutes for a Lambda, a CF origin has a max timeout of 29 seconds. Could be a problem with naive, big uploads as in my case. You can open an issue with AWS over this and raise the limit. I think you can go as high as 10 minutes. I requested 5 minutes.
RDS
For a Lambda integration, you will need Security Group:Lambda -> Security Group:RDS set up. RDS integrations are very common and you can specify them in the Lambda config itself (online or in Terraform).
Lambda
I needed to connect to an external API (on the same domain). You’ll see UND_ERR_CONNECT_TIMEOUT when your Lambda is unable to connect externally. This is not a problem with undici.
A Lambda attached to a VPC can only connect externally from private subnets that route through a NAT Gateway, because its network interface never gets a public IP! Public subnets that use Internet Gateways (IGs) won’t cut it!
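The two network notes above (Security Group:Lambda -> Security Group:RDS, and private subnets behind a NAT Gateway for outbound calls) in one Terraform configuration. This is an added example, not the project's own config; every resource name, the variables, the Node.js runtime and port 5432 (PostgreSQL) are assumptions.

```hcl
# Added example: all names, variables, the runtime and port 5432 are assumptions.
variable "vpc_id" { type = string }
variable "private_subnet_ids" { type = list(string) } # default route -> NAT Gateway
variable "lambda_role_arn" { type = string }          # needs AWSLambdaVPCAccessExecutionRole
variable "lambda_zip" { type = string }
resource "aws_security_group" "lambda" {
  vpc_id = var.vpc_id
}
resource "aws_security_group" "rds" {
  vpc_id = var.vpc_id
}

# Security Group:Lambda -> Security Group:RDS, by SG reference rather than CIDR.
resource "aws_vpc_security_group_ingress_rule" "rds_from_lambda" {
  security_group_id            = aws_security_group.rds.id
  referenced_security_group_id = aws_security_group.lambda.id
  ip_protocol                  = "tcp"
  from_port                    = 5432
  to_port                      = 5432
}

resource "aws_vpc_security_group_egress_rule" "lambda_to_rds" {
  security_group_id            = aws_security_group.lambda.id
  referenced_security_group_id = aws_security_group.rds.id
  ip_protocol                  = "tcp"
  from_port                    = 5432
  to_port                      = 5432
}

# Outbound HTTPS for the external API; it leaves the VPC through the NAT Gateway.
resource "aws_vpc_security_group_egress_rule" "lambda_https" {
  security_group_id = aws_security_group.lambda.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
}

resource "aws_lambda_function" "api" {
  function_name = "api"
  role          = var.lambda_role_arn
  filename      = var.lambda_zip
  handler       = "index.handler"
  runtime       = "nodejs20.x"
  vpc_config {
    subnet_ids         = var.private_subnet_ids
    security_group_ids = [aws_security_group.lambda.id]
  }
}
```

Terraform removes the default allow-all egress rule from security groups it creates, so the Lambda group needs both egress rules shown here; the RDS instance itself would list `aws_security_group.rds.id` in its `vpc_security_group_ids`.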
Other
Public Bucket Policy
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::some-bucket/*"
    }
  ]
}
```