I am using Serverless framework to deploy a Python lambda function to AWS. In my serverless.yml file I have defined a function which I need to deploy to a VPC with a specific ID, as only that VPC has the network connectivity needed to make some business-related requests from the lambda function.
customer_callback:
  vpc:
    subnetIds:
      - subnet-something
  handler: myservice/event_stream.customer_callback
In the documentation, the above example is what they mention as a way to attach the function to a VPC:
https://serverless.com/framework/docs/providers/aws/guide/functions/
However, the function is not deployed to a VPC at all, e.g. I end up with:
I have tried specifying VPC ID directly like this:
customer_callback:
  vpc:
    id: vpc-something
  handler: myservice/event_stream.customer_callback
But that does nothing as well. The documentation for this issue is basically non-existent and I tried searching a lot so I finally have to post here to ask for help.
To reference environment variables, use the ${env:SOME_VAR} syntax in your serverless.yml configuration file. It is valid to use the empty string in place of SOME_VAR. This looks like "${env:}" and the result of declaring this in your serverless.
Short description. Lambda doesn't support running functions in dedicated tenancy VPCs. To connect a Lambda function to a dedicated VPC, first peer the dedicated VPC to a default tenancy VPC that contains the function. The solution requires using an Amazon Elastic Compute Cloud (Amazon EC2) Dedicated Instance.
From https://serverless.com/framework/docs/providers/aws/guide/functions/#vpc-configuration:
This object should contain the securityGroupIds and subnetIds array properties needed to construct VPC for this function.
functions:
  customer_callback:
    handler: myservice/event_stream.customer_callback
    vpc:
      securityGroupIds:
        - sg-deadbeef
      subnetIds:
        - subnet-fadecafe
You would also need to add VPC IAM Permissions.
The Lambda function execution role must have permissions to create, describe and delete Elastic Network Interfaces (ENI). When VPC configuration is provided the default AWS AWSLambdaVPCAccessExecutionRole will be associated with your Lambda execution role.
To do this, add the following in your serverless.yml:
resources:
  Resources:
    AWSLambdaVPCAccessExecutionRole:
      Type: AWS::IAM::ManagedPolicy
      Properties:
        Description: Creating policy for vpc connection.
        Roles:
          - {"Ref" : "IamRoleLambdaExecution"}
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - ec2:CreateNetworkInterface
                - ec2:DescribeNetworkInterfaces
                - ec2:DeleteNetworkInterface
              Resource: "*"
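A pre-deploy check for the vpc blocks discussed above, as an added example that is not part of the original question or answer and is not Serverless Framework code. It assumes serverless.yml has already been parsed into a dict, treats any key other than the two named in the quoted documentation as a finding, and goes slightly beyond the page by falling back to a provider-level vpc block; the names check_vpc, lint_vpc and SAMPLE are hypothetical.

```python
# Added example: lint the `vpc` blocks of a serverless.yml that has already
# been parsed into a dict (for instance with a YAML loader).
REQUIRED = ("securityGroupIds", "subnetIds")


def check_vpc(vpc):
    """Return a list of problems found in one `vpc` mapping."""
    if vpc is None:
        return ["no vpc block"]
    if not isinstance(vpc, dict):
        return ["vpc must be a mapping"]
    problems = []
    for key in REQUIRED:
        value = vpc.get(key)
        if not isinstance(value, list) or not value:
            problems.append(f"{key} missing or empty")
    # Assumption: only the two documented array properties are expected here.
    for key in vpc:
        if key not in REQUIRED:
            problems.append(f"key '{key}' is not securityGroupIds or subnetIds")
    return problems


def lint_vpc(config):
    """Map each function name to the problems in its effective vpc block.

    A function-level `vpc` is used when present, otherwise `provider.vpc`.
    """
    provider_vpc = (config.get("provider") or {}).get("vpc")
    report = {}
    for name, fn in (config.get("functions") or {}).items():
        fn = fn if isinstance(fn, dict) else {}
        report[name] = check_vpc(fn.get("vpc", provider_vpc))
    return report


# Constructed sample: the two attempts from the question and the layout from
# the answer, using the page's placeholder IDs.
SAMPLE = {"functions": {
    "subnets_only": {"handler": "h", "vpc": {"subnetIds": ["subnet-something"]}},
    "vpc_id": {"handler": "h", "vpc": {"id": "vpc-something"}},
    "fixed": {"handler": "h", "vpc": {"securityGroupIds": ["sg-deadbeef"],
                                       "subnetIds": ["subnet-fadecafe"]}},
}}

if __name__ == "__main__":
    for name, problems in lint_vpc(SAMPLE).items():
        print(name, "OK" if not problems else problems)
```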