Is it possible to create a Serverless Framework Lambda deployment where the Lambda is deployed into an existing VPC's SecurityGroup? I don't want the service deployment or its stack to own any of the network artifacts.
If your Lambda function is VPC attached, it needs to be able to communicate via your VPC to the AWS API. Lambdas do not talk to other Lambdas over the network; they initiate requests with the AWS API or an API Gateway, which passes the request on to the Lambda function.
You can call any of the Lambda API operations from your VPC. For example, you can invoke the Lambda function by calling the Invoke API from within your VPC. For the full list of Lambda APIs, see Actions in the Lambda API reference.
This is not possible with Lambda. Lambda functions can provide access only to one single VPC. If multiple subnets are specified, then they must all be in the same VPC. You then can connect to the other VPCs by peering your VPCs.
Yes it is. The vpc configuration in serverless.yml just needs to reference existing subnets and security groups. Something like this:

    vpc:
      securityGroupIds:
        - securityGroupId1
        - securityGroupId2
      subnetIds:
        - subnetId1
        - subnetId2
Take a look at https://serverless.com/framework/docs/providers/aws/guide/functions/#vpc-configuration
The following setup worked perfectly for me in Serverless version 1.51.0. I included staging variables, since my environments use different subnets and security groups for logical isolation. My network setup is an already existing VPC with subnets and security groups.
    provider:
      name: aws
      ....
      ....
      vpc:
        securityGroupIds:
          - ${self:custom.securityGroupId.${self:provider.stage}}
        subnetIds:
          - ${self:custom.subnetId.${self:provider.stage}}

    custom:
      stages:
        - tst
        - dev
        - prd
      securityGroupId:
        local: sg-local
        tst: sg-tst
        dev: sg-dev
        prd: sg-prd
      subnetId:
        local: subnet-local
        tst: subnet-tst
        dev: subnet-dev
        prd: subnet-prd

    plugins:
      - serverless-stage-manager
An extension to the answer provided by @Nebulastic.
This is for when you want to configure your VPC Lambdas to execute from more than one subnet for various stages.
    provider:
      name: aws
      vpc:
        securityGroupIds:
          - ${self:custom.securityGroupId.${self:provider.stage}}
        subnetIds:
          - ${self:custom.subnetId1.${self:provider.stage}}
          - ${self:custom.subnetId2.${self:provider.stage}}
          - ${self:custom.subnetId3.${self:provider.stage}}

    custom:
      stage: ${opt:stage, self:provider.stage}
      securityGroupId:
        prod: sgId-prod
        test: sgId-test
        dev: sgId-dev
      subnetId1:
        prod: subnetId1-prod
        test: subnetId1-test
        dev: subnetId1-dev
      subnetId2:
        prod: subnetId2-prod
        test: subnetId2-test
        dev: subnetId2-dev
      # this map was mistakenly named subnetId2 a second time in the original; the
      # vpc block references subnetId3, so the key must be subnetId3
      subnetId3:
        prod: subnetId3-prod
        test: subnetId3-test
        dev: subnetId3-dev
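Two things in this thread are easy to get wrong silently: a per-stage map key that is missing or misnamed (the vpc block then references a value that does not exist for that stage), and subnets or a security group that do not all belong to the same VPC, which the answer above notes Lambda does not allow. The following pre-deploy check is an added example, not code from the thread or from the Serverless Framework. It assumes serverless.yml has already been loaded into a Python dict by any YAML loader, implements a small resolver for the ${self:...}/${opt:...} variable syntax used in the answers above, and validates the resolved ids against constructed stand-ins for EC2 DescribeSubnets/DescribeSecurityGroups output (in practice you would feed it the real API responses).

```python
"""Pre-deploy sanity check for a serverless.yml `vpc` block (added example).

Assumptions (not from the original thread): the config is already loaded as a
Python dict, and the VPC inventory is a constructed stand-in for the EC2
DescribeSubnets / DescribeSecurityGroups responses, keyed by resource id.
"""
import re

# One Serverless Framework variable with no nested ${...} inside it, e.g.
# ${self:custom.subnetId.dev} or ${opt:stage, self:provider.stage}.
# Because nested braces are excluded, the innermost variable is matched first.
_VAR = re.compile(r"\$\{([^${}]+)\}")


def _lookup(config, dotted_path):
    """Walk a dotted path such as custom.subnetId1.dev through nested dicts."""
    node = config
    for key in dotted_path.split("."):
        if not isinstance(node, dict) or key not in node:
            raise KeyError(dotted_path)
        node = node[key]
    return node


def resolve(value, config, opts=None):
    """Resolve ${self:...} / ${opt:...} references in a string, innermost first.
    Comma-separated alternatives are tried left to right, like the framework does."""
    opts = opts or {}
    if not isinstance(value, str):
        return value
    while True:
        match = _VAR.search(value)
        if not match:
            return value
        resolved = None
        for alt in (a.strip() for a in match.group(1).split(",")):
            if alt.startswith("self:"):
                try:
                    resolved = _lookup(config, alt[len("self:"):])
                except KeyError:
                    continue
            elif alt.startswith("opt:"):
                resolved = opts.get(alt[len("opt:"):])
            else:
                resolved = alt.strip("'\"")  # literal default, e.g. ${opt:stage, 'dev'}
            if resolved is not None:
                break
        if resolved is None:
            raise KeyError(f"unresolvable variable: {match.group(0)}")
        value = value[:match.start()] + str(resolved) + value[match.end():]


def resolve_vpc(config, stage):
    """Return (securityGroupIds, subnetIds) for one stage with all variables resolved."""
    pinned = {**config, "provider": {**config["provider"], "stage": stage}}
    opts = {"stage": stage}
    vpc = pinned["provider"]["vpc"]
    sg_ids = [resolve(v, pinned, opts) for v in vpc["securityGroupIds"]]
    subnet_ids = [resolve(v, pinned, opts) for v in vpc["subnetIds"]]
    return sg_ids, subnet_ids


def check_single_vpc(subnet_ids, sg_ids, subnets_by_id, sgs_by_id):
    """Every subnet and security group must exist and share one VpcId.
    Returns (vpc_id or None, list of problems)."""
    problems, vpcs = [], set()
    for sid in subnet_ids:
        if sid in subnets_by_id:
            vpcs.add(subnets_by_id[sid]["VpcId"])
        else:
            problems.append(f"subnet {sid} not found")
    for gid in sg_ids:
        if gid in sgs_by_id:
            vpcs.add(sgs_by_id[gid]["VpcId"])
        else:
            problems.append(f"security group {gid} not found")
    if len(vpcs) > 1:
        problems.append(f"resources span multiple VPCs: {sorted(vpcs)}")
    return (vpcs.pop() if len(vpcs) == 1 else None), problems


def audit(config, stage, subnets_by_id, sgs_by_id):
    """Resolve the vpc block for `stage` and validate it; never raises."""
    try:
        sg_ids, subnet_ids = resolve_vpc(config, stage)
    except KeyError as exc:
        return {"stage": stage, "vpc_id": None, "problems": [exc.args[0]]}
    vpc_id, problems = check_single_vpc(subnet_ids, sg_ids, subnets_by_id, sgs_by_id)
    return {"stage": stage, "securityGroupIds": sg_ids, "subnetIds": subnet_ids,
            "vpc_id": vpc_id, "problems": problems}


# Constructed config mirroring the shape of the serverless.yml in the thread.
# subnetId3 deliberately lacks a "dev" entry (same effect as a misnamed map key).
EXAMPLE_CONFIG = {
    "provider": {"name": "aws", "stage": "dev", "vpc": {
        "securityGroupIds": ["${self:custom.securityGroupId.${self:custom.stage}}"],
        "subnetIds": ["${self:custom.subnetId1.${self:custom.stage}}",
                      "${self:custom.subnetId2.${self:custom.stage}}",
                      "${self:custom.subnetId3.${self:custom.stage}}"]}},
    "custom": {
        "stage": "${opt:stage, self:provider.stage}",
        "securityGroupId": {"prod": "sg-0prod", "test": "sg-0test", "dev": "sg-0dev"},
        "subnetId1": {"prod": "subnet-1prod", "test": "subnet-1test", "dev": "subnet-1dev"},
        "subnetId2": {"prod": "subnet-2prod", "test": "subnet-2test", "dev": "subnet-2dev"},
        "subnetId3": {"prod": "subnet-3prod", "test": "subnet-3test"}}}

# Constructed inventory: subnet-3test sits in a different VPC than the rest of "test".
SUBNETS = {"subnet-1prod": {"VpcId": "vpc-prod"}, "subnet-2prod": {"VpcId": "vpc-prod"},
           "subnet-3prod": {"VpcId": "vpc-prod"}, "subnet-1test": {"VpcId": "vpc-test"},
           "subnet-2test": {"VpcId": "vpc-test"}, "subnet-3test": {"VpcId": "vpc-shared"},
           "subnet-1dev": {"VpcId": "vpc-dev"}, "subnet-2dev": {"VpcId": "vpc-dev"}}
SECURITY_GROUPS = {"sg-0prod": {"VpcId": "vpc-prod"}, "sg-0test": {"VpcId": "vpc-test"},
                   "sg-0dev": {"VpcId": "vpc-dev"}}

if __name__ == "__main__":
    for stage in ("prod", "test", "dev"):
        print(audit(EXAMPLE_CONFIG, stage, SUBNETS, SECURITY_GROUPS))
```

Running it reports "prod" as clean with vpc_id vpc-prod, flags "test" because its three subnets and security group span two VPCs, and flags "dev" with an unresolvable ${self:custom.subnetId3.dev} reference, which is exactly the class of error a duplicated or mistyped map key produces and which the framework would otherwise only surface at deploy time.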