alexcasalboni
commented
2 years ago Hi @tenjaa 👋 thanks for sharing, I think this is a great feature request 🚀
We'll need to include a conditional VpcConfig in the Globals section of the SAM template (similar to what we already do for the optional PermissionsBoundary).
To do that, we also need a couple of new template Parameters (e.g. securityGroupIds and subnetIds).
It would look very similar to this:
Parameters:
securityGroupIds:
Type: List<AWS::EC2::SecurityGroup::Id>
Default: ''
subnetIds:
Type: List<AWS::EC2::Subnet::Id>
Default: ''
Conditions:
UseSecurityGroupIds: !Not [!Equals [!Ref securityGroupIds, '']]
UseSubnetIds: !Not [!Equals [!Ref subnetIds, '']]
UseVPCConfig: !Or [!Ref UseSecurityGroupIds, !Ref UseSubnetIds]
Globals:
VpcConfig: !If [UseVPCConfig, {
SecurityGroupIds: !If [UseSecurityGroupIds, !Ref securityGroupIds, !Ref AWS::NoValue],
SubnetIds: !If [UseSubnetIds, !Ref subnetIds, !Ref AWS::NoValue]
}, !Ref AWS::NoValue]I haven't tested this and it's still missing the IAM managed policy part, but it should be a good starting point to implement it.
Do you feel like giving this a try and opening a PR? If not, I should be able to work on it myself in the next 4-5 weeks.
tenjaa
Hi :) I need to have all lambdas running in a VPC. That means currently we cannot run this tool.
Would you be open for a PR to support a custom VPC?
I thought about passing the vpc-id as parameter and then conditionally put the lambdas into this vpc + add the LambdaVpcManagedPolicy.