Closed tenjaa closed 1 year ago
Hi @tenjaa 👋 thanks for sharing, I think this is a great feature request 🚀
We'll need to include a conditional `VpcConfig` in the Globals section of the SAM template (similar to what we already do for the optional `PermissionsBoundary`).
To do that, we also need a couple of new template Parameters (e.g. `securityGroupIds` and `subnetIds`).
It would look very similar to this:
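```yaml
Parameters:
  securityGroupIds:
    Type: List<AWS::EC2::SecurityGroup::Id>
    Default: ''
  subnetIds:
    Type: List<AWS::EC2::Subnet::Id>
    Default: ''
Conditions:
  # List parameters are joined into one string before the comparison with ''
  UseSecurityGroupIds: !Not [!Equals [!Join ['', !Ref securityGroupIds], '']]
  UseSubnetIds: !Not [!Equals [!Join ['', !Ref subnetIds], '']]
  # Conditions are referenced with !Condition, not !Ref
  UseVPCConfig: !Or [!Condition UseSecurityGroupIds, !Condition UseSubnetIds]
Globals:
  Function:  # SAM Globals are keyed by resource type
    # Applied to every function only when at least one of the two lists is set
    VpcConfig: !If [UseVPCConfig, {
        SecurityGroupIds: !If [UseSecurityGroupIds, !Ref securityGroupIds, !Ref AWS::NoValue],
        SubnetIds: !If [UseSubnetIds, !Ref subnetIds, !Ref AWS::NoValue]
      }, !Ref AWS::NoValue]
```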
I haven't tested this and it's still missing the IAM managed policy part, but it should be a good starting point to implement it.
Do you feel like giving this a try and opening a PR? If not, I should be able to work on it myself in the next 4-5 weeks.
I already got it working by hardcoding everything, so I can confirm it works without any issues.
Probably next weekend I will find some time to polish it and create a PR :)
Awesome, that sounds great 🚀
Let me know if you get stuck and/or need help.
Eventually, I'll make sure this new feature is available in the Terraform modules too :)
@tenjaa I managed to spend some time on this :) Please have a look at this PR: https://github.com/alexcasalboni/aws-lambda-power-tuning/pull/169
Thanks, @tenjaa 🙏
Hi :) I need to have all lambdas running in a VPC. That means currently we cannot run this tool.
Would you be open to a PR to support a custom VPC?
I thought about passing the vpc-id as a parameter and then conditionally putting the lambdas into this VPC + adding the LambdaVpcManagedPolicy.
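
The thread mentions the IAM managed policy part as still missing from the sketch. The template below is an added example, not code from this thread or from the project's own template: it attaches the AWS managed policy `AWSLambdaVPCAccessExecutionRole` only when the VPC condition is true, so functions deployed outside a VPC never receive the network-interface permissions. The resource names `exampleFunctionRole` and `exampleFunction`, the runtime, and the `CommaDelimitedList` parameter type are assumptions made for this illustration.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Parameters:
  securityGroupIds:
    Type: CommaDelimitedList  # assumption: generic list type so the default can stay empty
    Default: ''
  subnetIds:
    Type: CommaDelimitedList
    Default: ''
Conditions:
  UseSecurityGroupIds: !Not [!Equals [!Join ['', !Ref securityGroupIds], '']]
  UseSubnetIds: !Not [!Equals [!Join ['', !Ref subnetIds], '']]
  UseVPCConfig: !Or [!Condition UseSecurityGroupIds, !Condition UseSubnetIds]
Resources:
  exampleFunctionRole:  # hypothetical role, one per function or shared
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
        # ENI create/describe/delete permissions are granted only for VPC deployments
        - !If [UseVPCConfig, !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole', !Ref AWS::NoValue]
  exampleFunction:  # hypothetical function standing in for the tool's Lambdas
    Type: AWS::Serverless::Function
    Properties:
      Runtime: nodejs20.x
      Handler: index.handler
      InlineCode: 'exports.handler = async () => "ok";'
      Role: !GetAtt exampleFunctionRole.Arn
      VpcConfig: !If
        - UseVPCConfig
        - SecurityGroupIds: !If [UseSecurityGroupIds, !Ref securityGroupIds, !Ref AWS::NoValue]
          SubnetIds: !If [UseSubnetIds, !Ref subnetIds, !Ref AWS::NoValue]
        - !Ref AWS::NoValue
```

With both parameters left at their empty defaults, `UseVPCConfig` is false and the rendered role carries only the basic execution policy.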