matanolabs / matano

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
https://matano.dev
Apache License 2.0

Add option to Use VPCs in lambdas if specified by user #26

Closed Samrose-Ahmed closed 1 year ago

Samrose-Ahmed commented 1 year ago

Overview

We currently let the user define a VPC id in their matano.config.yml like so:

vpc:
  id: vpc-05175918865d89771

However, we don't currently use the VPC in all the generated resources.

Goal

If the user specifies a VPC ID in their config, use the VPC when generating all resources.

The only relevant resource currently is Lambda functions.

Notes

const vpc: cdk.aws_ec2.IVpc | undefined = (cdk.Stack.of(this) as MatanoStack).matanoVpc;

gdrapp commented 1 year ago

I would ask that you make it optional for the Lambdas to run in the VPC. There’s little value for a Lambda that’s reading/writing to S3 or SQS to run in a VPC. Plus, if you didn’t size the VPC to run a bunch of Lambdas it’s easy to quickly run out of IP addresses.
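
The opt-in wiring discussed above, as an added example that is not Matano's own code: the Lambda only gets VPC props when the user has both a `vpc` block and an explicit opt-in, and the chosen subnets are checked for the IP-exhaustion risk before deploy. The `lambdasInVpc` and `subnetCidrs` keys, the `ipsNeeded` estimate and the slimmed-down types are assumptions; in the real stack the `vpcId` would instead be the `IVpc` from `matanoVpc` passed as the `vpc` prop of `lambda.Function`.

```typescript
// Added example, not Matano's code. Minimal stand-ins for the matano.config.yml
// `vpc` block and for the networking decision a CDK Lambda needs; the
// `lambdasInVpc` and `subnetCidrs` keys are assumed, not real Matano options.

interface VpcConfig {
  id: string;
  lambdasInVpc?: boolean;  // assumed opt-in flag; default: stay outside the VPC
  subnetCidrs?: string[];  // assumed: subnets the in-VPC Lambdas would use
}

interface MatanoConfig {
  vpc?: VpcConfig;
}

interface NetworkingPlan {
  vpcId?: string;          // set only when the Lambda is attached to the VPC
  undersized: string[];    // subnets with fewer usable IPs than requested
}

// Usable addresses in an AWS subnet: AWS reserves 5 addresses per subnet,
// and subnet sizes are limited to /16 through /28.
function usableIps(cidr: string): number {
  const m = /^(\d{1,3}\.){3}\d{1,3}\/(\d{1,2})$/.exec(cidr);
  if (!m) throw new Error(`bad CIDR: ${cidr}`);
  const prefix = Number(m[2]);
  if (prefix < 16 || prefix > 28) throw new Error(`${cidr}: AWS subnets are /16 to /28`);
  return Math.pow(2, 32 - prefix) - 5;
}

// Decide whether a Lambda gets VPC props, and flag subnets that cannot supply
// `ipsNeeded` addresses for Lambda ENIs (the caller's estimate of how many
// addresses the functions will consume in each subnet).
function planLambdaNetworking(config: MatanoConfig, ipsNeeded: number): NetworkingPlan {
  const vpc = config.vpc;
  // No VPC in config, or user did not opt in: keep the Lambda outside the VPC.
  if (!vpc || !vpc.lambdasInVpc) return { undersized: [] };
  const undersized = (vpc.subnetCidrs ?? []).filter((c) => usableIps(c) < ipsNeeded);
  return { vpcId: vpc.id, undersized };
}
```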

Samrose-Ahmed commented 1 year ago

Yeah that makes sense. Actually going to punt this to when/if we have resources that require VPCs.