Possible to reference a Security Group being created? #44

Open
corydorning53 opened this issue Mar 30, 2021 · 4 comments

corydorning53 commented Mar 30, 2021

In my serverless.yml I create the following security group in the resources section:

resources:
  Resources:
    MySecurityGroup:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: Allow all outbound traffic, no inbound for Lambdas
        SecurityGroupEgress:
          - IpProtocol: tcp
            FromPort: 443
            ToPort: 443
            CidrIp: 0.0.0.0/0
        VpcId: ${self:custom.${self:provider.stage}.vpcId}

Then in my functions I reference it as:

functions:
  mylambda:
    handler: api/my.lambda
    runtime: nodejs14.x
    vpc:
      securityGroupIds:
        - Ref: MySecurityGroup

This has the side effect of giving the following configuration warning, even though it's not really an issue, because I reference the subnets in the custom.vpcDiscovery:

Serverless: Configuration warning:
Serverless:   at 'functions.myLambda.vpc': should have required property 'subnetIds'

So I was wondering if I could remove the vpc.securityGroupIds altogether and just reference MySecurityGroup in the plugin config:

  vpcDiscovery:
    vpcName: ${self:custom.tk.vpc}
    subnets:
      - tagKey: Name
        tagValues:
          - app_sn_0
          - app_sn_1
          - app_sn_2
    securityGroups:
      - Ref: MySecurityGroup

@missedone

I have the exact same case: the SG is created with the Serverless Framework, and I want the serverless-vpc-discovery plugin to discover subnets only.

@corydorning53

Any plans to implement this? Asking because if I add configValidationMode: error to my serverless.yml, it breaks.

@corydorning

Bumping this issue, as it still persists and Serverless v3 has been released.

rcwsr commented Mar 25, 2022

Same issue here. I am also using this plugin to discover subnets of an existing VPC but defining a security group as a resource, and I get the same validation warning.

Bonus, it would also be really nice to get access to the resolved VPC ID from this plugin, so that you don't have to define both a VPC name for auto-discovery and a VPC ID that needs to be referenced in the SG resource.

@corydorning I know it was a year ago now, but did you find a way to work with this?
