I am testing automated provisioning of Amazon WorkSpaces integrated with Managed AD, following the process in this AWS article: https://aws.amazon.com/blogs/desktop-and-application-streaming/automate-provisioning-of-amazon-workspaces-using-aws-lambda/
I deployed a standard AWS Managed Microsoft AD directory named "domain.local", then joined a single EC2 instance to the domain with the AD tools installed so that I can make changes in AD.
When creating the scheduled CloudWatch rule I supplied the following custom JSON input (as described in step 6 of the article):
```json
{
  "LDAP_SERVER": "domain.local",
  "LDAP_USER": "domain\\aws_sync",
  "GROUP_FILTER": "(objectclass=group)",
  "USER_FILTER": "(objectclass=user)",
  "SECRET_NAME": "sync_svc",
  "WORKSPACE_GROUP_FRIENDLY_NAME": "workspace_users",
  "WORKSPACE_GROUP_DN": "OU=Workspaces,OU=domain,DC=domain,DC=local",
  "Directory_Id": "<MyDirectoryID>",
  "Bundle_Id": "wsb-8vbljg4r6",
  "WorkSpace_Properties": {
    "RunningMode": "AUTO_STOP",
    "RunningModeAutoStopTimeoutInMinutes": 60,
    "RootVolumeSizeGib": 80,
    "UserVolumeSizeGib": 50,
    "ComputeTypeName": "STANDARD"
  }
}
```
I carefully worked through the entire procedure in the article twice, but both times the integration did not work and the Lambda function failed. In the CloudWatch logs I see the following:
> [ERROR] LDAPSocketOpenError: invalid server address
> Traceback (most recent call last):
>   File "/var/task/lambda_function.py", line 37, in lambda_handler
>     conn = Connection(server, user=LDAP_USER, password=LDAP_PASSWORD, authentication=NTLM, auto_bind=True)
>   File "/var/task/ldap3/core/connection.py", line 363, in __init__
>     self._do_auto_bind()
>   File "/var/task/ldap3/core/connection.py", line 387, in _do_auto_bind
>     self.open(read_server_info=False)
>   File "/var/task/ldap3/strategy/sync.py", line 57, in open
>     BaseStrategy.open(self, reset_usage, read_server_info)
>   File "/var/task/ldap3/strategy/base.py", line 154, in open
>     raise LDAPSocketOpenError('invalid server address')
Can anyone explain this error? The message "invalid server address" suggests the function cannot reach the domain controllers of the managed directory. FYI, I made sure the Lambda function's security group allows All Traffic, inbound and outbound, to and from 0.0.0.0/0.
The DHCP options set of the VPC in which the Lambda function runs needs to be updated.
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/dhcp_options_set.html
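The answer above points at the real cause: ldap3 raises `LDAPSocketOpenError('invalid server address')` when `getaddrinfo` returns nothing for the host name, which is what happens when the Lambda's VPC still uses the default AmazonProvidedDNS and therefore cannot resolve `domain.local`. The following pre-flight check is an added example, not code from the AWS blog post or from ldap3; the function name `preflight_ldap_target`, the injectable `resolver` parameter and the sample event are assumptions made for this illustration. Dropped in front of the `Connection(...)` call in the Lambda, it makes the CloudWatch log name the DNS problem instead of the generic socket error, and it also catches the `DOMAIN\user` formatting NTLM needs.

```python
"""Pre-flight check for the ldap3 sync Lambda discussed above.

Added example, not code from the AWS blog post or the ldap3 project.
`preflight_ldap_target`, the `resolver` parameter and SAMPLE_EVENT are
hypothetical names chosen for this illustration.
"""
import socket
from typing import Callable, List

# Anything with socket.getaddrinfo's calling convention: the real resolver
# in production, a fake one in unit tests so the check runs offline.
Resolver = Callable[..., list]

DHCP_HINT = (
    "name does not resolve from inside the VPC; ldap3 raises "
    "LDAPSocketOpenError('invalid server address') in exactly this case. "
    "Associate a DHCP options set whose domain-name-servers are the "
    "Managed AD DNS addresses with the VPC the Lambda runs in."
)

# Constructed sample event, mirroring the rule input shown in the question.
SAMPLE_EVENT = {
    "LDAP_SERVER": "domain.local",
    "LDAP_USER": "domain\\aws_sync",
    "SECRET_NAME": "sync_svc",
}


def preflight_ldap_target(event: dict, resolver: Resolver = socket.getaddrinfo) -> List[str]:
    """Return human-readable findings for the LDAP fields of the rule input.

    An empty list means the host name resolves and the user is in NTLM form,
    i.e. ldap3.Connection(..., authentication=NTLM, auto_bind=True) has a
    chance of succeeding. Run it before constructing the Connection.
    """
    findings: List[str] = []

    server = event.get("LDAP_SERVER", "")
    if not server:
        findings.append("LDAP_SERVER is missing or empty")
    else:
        try:
            # Port 389 / TCP is what ldap3 uses for a plain LDAP Server().
            addrs = resolver(server, 389, proto=socket.IPPROTO_TCP)
        except socket.gaierror as exc:
            findings.append(f"LDAP_SERVER {server!r}: {DHCP_HINT} (getaddrinfo: {exc})")
        else:
            if not addrs:
                findings.append(f"LDAP_SERVER {server!r}: resolver returned no addresses")

    user = event.get("LDAP_USER", "")
    # ldap3's NTLM authentication expects DOMAIN\user. Inside a JSON string
    # literal the backslash must be doubled ("domain\\aws_sync"), otherwise
    # the rule input is not valid JSON and the backslash is lost.
    if "\\" not in user:
        findings.append(f"LDAP_USER {user!r} is not in DOMAIN\\user form required for NTLM")

    return findings


if __name__ == "__main__":
    # Stand-alone run with the real resolver: on a VPC without the Managed AD
    # DHCP options set this reports the DNS failure; on a workstation that
    # does not know domain.local it reports the same thing.
    for finding in preflight_ldap_target(SAMPLE_EVENT) or ["OK: LDAP target looks reachable"]:
        print(finding)
```

The DNS addresses to put into the options set are the `DnsIpAddrs` that `aws ds describe-directories` returns for the directory; once the VPC is associated with that options set, the Lambda's ENI resolves `domain.local` to the domain controllers and the `Connection` call in the traceback gets past `open()`.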