部署到 AWS 平台时的注意事项
下面介绍了部署到不同 AWS 平台时你可能会遇到的一些注意事项。
¥The following describes some caveats you might face when deploying to different AWS platforms.
AWS RDS 代理
¥AWS RDS Proxy
Prisma ORM 与 AWS RDS 代理兼容。但是,由于 RDS Proxy 固定连接的方式,将其用于 Prisma ORM 的连接池没有任何好处:
¥Prisma ORM is compatible with AWS RDS Proxy. However, there is no benefit in using it for connection pooling with Prisma ORM due to the way RDS Proxy pins connections:
“你与代理的连接可能会进入一种称为固定的状态。固定连接后,以后的每个事务都会使用相同的基础数据库连接,直到会话结束。在会话结束之前,其他客户端连接也无法重用该数据库连接。当 Prisma 客户端的连接断开时,会话结束。” - AWS RDS 代理文档
¥"Your connections to the proxy can enter a state known as pinning. When a connection is pinned, each later transaction uses the same underlying database connection until the session ends. Other client connections also can't reuse that database connection until the session ends. The session ends when Prisma Client's connection is dropped." - AWS RDS Proxy Docs
准备好的语句(任何大小)或大于 16 KB 的查询语句会导致 RDS Proxy 固定会话。 由于 Prisma ORM 对所有查询使用准备好的语句,因此将 RDS Proxy 与 Prisma ORM 结合使用时你不会看到任何好处。
¥Prepared statements (of any size) or query statements greater than 16 KB cause RDS Proxy to pin the session. Because Prisma ORM uses prepared statements for all queries, you won't see any benefit when using RDS Proxy with Prisma ORM.
AWS 弹性豆茎
¥AWS Elastic Beanstalk
AWS Elastic Beanstalk 是一种类似 PaaS 的部署服务,可抽象基础设施并允许你快速将应用部署到 AWS。
¥AWS Elastic Beanstalk is a PaaS-like deployment service that abstracts away infrastructure and allows you to deploy applications to AWS quickly.
使用 Prisma 客户端将应用部署到 AWS Elastic Beanstalk 时,Prisma ORM 会将 Prisma 客户端代码生成到 node_modules 中。这通常在 package.json 中定义的 postinstall 钩子中完成。
¥When deploying an app using Prisma Client to AWS Elastic Beanstalk, Prisma ORM generates the Prisma Client code into node_modules. This is typically done in a postinstall hook defined in a package.json.
由于 Beanstalk 限制了 postinstall 钩子中写入文件系统的能力,因此你需要在项目的根目录中创建 .npmrc 文件并添加以下配置:
¥Because Beanstalk limits the ability to write to the filesystem in the postinstall hook, you need to create an .npmrc file in the root of your project and add the following configuration:
unsafe-perm=true
启用 unsafe-perm 会强制 npm 以 root 身份运行,从而避免文件系统访问问题,从而允许 postinstall 钩子中的 prisma generate 命令生成代码。
¥Enabling unsafe-perm forces npm to run as root, avoiding the filesystem access problem, thereby allowing the prisma generate command in the postinstall hook to generate your code.
错误:@prisma/client did not initialize yet
¥Error: @prisma/client did not initialize yet
发生此错误的原因是 AWS Elastic Beanstalk 未安装 devDependencies,这意味着它不会选择 Prisma CLI。要解决此问题,你可以:
¥This error happens because AWS Elastic Beanstalk doesn't install devDependencies, which means that it doesn't pick up the Prisma CLI. To remedy this you can either:
-
将
prismaCLI 软件包添加到dependencies而不是devDependencies。(确保随后运行npm install来更新package-lock.json)。¥Add the
prismaCLI package to yourdependenciesinstead of thedevDependencies. (Making sure to runnpm installafterward to update thepackage-lock.json). -
或者在 AWS Elastic Beanstalk 实例上安装
devDependencies。为此,你必须将 AWS Elastic BeanstalkNPM_USE_PRODUCTION环境属性设置为 false。¥Or install your
devDependencieson AWS Elastic Beanstalk instances. To do this you must set the AWS Elastic BeanstalkNPM_USE_PRODUCTIONenvironment property to false.
AWS RDS Postgres
将 Prisma ORM 与 AWS RDS Postgres 结合使用时,你可能会在迁移或运行时遇到连接问题或以下错误:
¥When using Prisma ORM with AWS RDS Postgres, you may encounter connection issues or the following error during migration or runtime:
Error: P1010: User <username> was denied access on the database <database>
原因
¥Cause
AWS RDS 默认强制使用 SSL 连接,Prisma 使用 rejectUnauthorized: true 解析数据库连接字符串,这需要有效的 SSL 证书。如果证书配置不正确,Prisma 无法连接到数据库。
¥AWS RDS enforces SSL connections by default, and Prisma parses the database connection string with rejectUnauthorized: true, which requires a valid SSL certificate. If the certificate is not configured properly, Prisma cannot connect to the database.
解决方案
¥Solution
要解决此问题,请更新 DATABASE_URL 环境变量以包含 sslmode=no-verify 选项。这会绕过严格的 SSL 证书验证并允许 Prisma 连接到数据库。按如下方式更新你的 .env 文件:
¥To resolve this issue, update the DATABASE_URL environment variable to include the sslmode=no-verify option. This bypasses strict SSL certificate verification and allows Prisma to connect to the database. Update your .env file as follows:
DATABASE_URL=postgresql://<username>:<password>@<host>/<database>?sslmode=no-verify&schema=public
为什么有效
¥Why This Works
sslmode=no-verify 设置通过 pg-connection-string 包将 rejectUnauthorized: false 传递给 SSL 配置。这会禁用严格的证书验证,允许 Prisma 与 RDS 数据库建立连接。
¥The sslmode=no-verify setting passes rejectUnauthorized: false to the SSL configuration via the pg-connection-string package. This disables strict certificate validation, allowing Prisma to establish a connection with the RDS database.
注意
¥Note
虽然使用 sslmode=no-verify 可以快速修复,但它会绕过 SSL 验证,可能不符合生产环境的安全要求。在这种情况下,请确保正确配置了有效的 SSL 证书。
¥While using sslmode=no-verify can be a quick fix, it bypasses SSL verification and might not meet security requirements for production environments. In such cases, ensure that a valid SSL certificate is properly configured.
AWS Lambda 上传限制
¥AWS Lambda upload limit
AWS Lambda 定义了部署包上传限制,其中包括:
¥AWS Lambda defines an deployment package upload limit, which includes:
-
所有应用代码
¥All application code
-
像 Prisma ORM 查询引擎 这样的二进制文件
¥Binaries like the Prisma ORM query engine
从 v6.7.0 开始,Prisma ORM 具有 queryCompiler 预览功能。
¥As of v6.7.0, Prisma ORM has the queryCompiler Preview feature.
启用后,你的 Prisma 客户端将生成 无需基于 Rust 的查询引擎二进制文件:
¥When enabled, your Prisma Client will be generated without a Rust-based query engine binary:
generator client {
provider = "prisma-client-js"
previewFeatures = ["queryCompiler", "driverAdapters"]
}
请注意,驱动适配器 预览功能与 queryCompiler 功能同时启用。
¥Note that the driver adapters Preview feature is required alongside queryCompiler.
lambda 的部署包 (.zip) 大小限制为 50MB.准备部署包时,请删除该函数在生产中不需要的所有文件,以使最终的 .zip 尽可能小。这包括一些 Prisma ORM 引擎二进制文件。
¥The deployment package (.zip) size limit for lambdas is 50MB. When you prepare a deployment package, remove any files that the function does not require in production to keep the final .zip as small as possible. This includes some Prisma ORM engine binaries.
删除不需要的 Prisma ORM 引擎
¥Deleting Prisma ORM engines that are not required
Prisma CLI 下载生产中不需要的其他引擎二进制文件。你可以删除以下文件和文件夹:
¥Prisma CLI downloads additional engine binaries that are not required in production. You can delete the following files and folders:
-
整个
node_modules/@prisma/engines文件夹(指 Prisma 端到端测试使用的 示例 bash 脚本)¥The entire
node_modules/@prisma/enginesfolder (refer to the sample bash script used by the Prisma end-to-end tests) -
node_modules/.prisma/client文件夹中适合你的开发平台的本地引擎文件。例如,如果你在 Debian (native) 上开发但部署到 AWS Lambda (rhel-openssl-3.0.x),你的架构可能会定义以下binaryTargets:¥The local engine file for your development platform from the
node_modules/.prisma/clientfolder. For example, your schema might define the followingbinaryTargetsif you develop on Debian (native) but deploy to AWS Lambda (rhel-openssl-3.0.x):binaryTargets = ["native", "rhel-openssl-3.0.x"]在这种情况下:
¥In this scenario:
-
保留
node_modules/.prisma/client/query-engine-rhel-openssl-3.0.x,这是 AWS Lambda 使用的引擎文件¥Keep
node_modules/.prisma/client/query-engine-rhel-openssl-3.0.x, which is the engine file used by AWS Lambda -
删除
node_modules/.prisma/client/query-engine-debian-openssl-1.1.x,仅本地需要¥Delete
node_modules/.prisma/client/query-engine-debian-openssl-1.1.x, which is only required locally
注意:使用 Node.js 18 或更早版本时,AWS Lambda 的正确
binaryTarget是rhel-openssl-1.0.x。对于大于 18 的 Node.js 版本,rhel-openssl-3.0.x是正确的binaryTarget。¥Note: When using Node.js 18 or earlier, the correct
binaryTargetfor AWS Lambda isrhel-openssl-1.0.x.rhel-openssl-3.0.xis the correctbinaryTargetfor Node.js versions greater than 18. -