VPC Tips for me?

I’m having issues deploying lambdas with sls 1.14 into VPC. Any tips?

I’m following the info from the docs:

provider:
  name: aws
  runtime: nodejs6.10
  stage: ${opt:stage, self:custom.default_stage}
  region: us-east-1
  profile: ${self:custom.profiles.${self:provider.stage}}
  vpc:
    securityGroupsIds:
      - ${file(./serverless.env.yml):${self:provider.stage}.SECURITY_GROUP_1}
    subnetIds:
      - ${file(./serverless.env.yml):${self:provider.stage}.SUBNET_1}
      - ${file(./serverless.env.yml):${self:provider.stage}.SUBNET_2}

This results in no VPC configuration for any of the lambdas in the project. You can see I’m trying to use environment variables above; I’ve also tried with explicit strings and putting the vpc config down on the function. Nothing! I’ve looked at the compiled CloudFormation - I don’t see anything about these security groups or subnets in there. What am I doing wrong?

The VPC configuration does not create a VPC for you. You must already have the VPC/Subnets in place.

yep, i have those in place

i’m migrating from serverless .5, where we had all of these lambdas running in vpc and configured from s-function

well for anyone with this same problem - don’t put the security group and subnetids in quotes…

so:

securityGroupIds:
  - sg-123456
subnetIds:
  - subnet-12345

no quotes. argh


I tried all solutions exposed here and in other topics but I still fail to configure a lambda to connect to an existing VPC: the lambda is always in “NO VPC”. I use sls 1.26.0. This is my serverless.yml file (I replaced sensitive data with xxx):

service: myservice
provider:
  name: aws
  stage: ${opt:stage, 'dev'}
  region: eu-west-1
  environment:
    STAGE: ${self:provider.stage}

package:
  artifact: dist.zip

functions:
  metrics-to-splunk:
    handler: LogForwardingToSplunk.handler
    timeout: 300
    memorySize: 1024
    runtime: nodejs6.10
    vpc:
      securityGroupsIds:
        - sg-xxxxx
      subnetIds:
        - subnet-xxxx
        - subnet-xxxx
    environment:
      SPLUNK_HEC_URL: https://xxxxx
      SPLUNK_HEC_TOKEN: xxxxx

Could someone show me a working full example? Or point me to what I did wrong?

@ant1 you have securityGroupsIds… make it securityGroupIds


@srg-avai Thank you so much, you’re perfectly right.
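
A check for the failure mode in this thread, where a misspelled `vpc` key leaves the function outside the VPC with no deploy error: it scans a compiled CloudFormation template for Lambda functions lacking a usable `VpcConfig`. This is an added example, not code from any poster or from the Serverless project; the function name, logical IDs and sample template are constructed for illustration.

```javascript
'use strict';

// List properties a Lambda's VpcConfig needs in the compiled template.
const REQUIRED_VPC_KEYS = ['SecurityGroupIds', 'SubnetIds'];

// Returns one finding per AWS::Lambda::Function that would deploy outside a
// VPC: VpcConfig absent, or a required list missing or empty.
function findFunctionsOutsideVpc(template) {
  const findings = [];
  for (const [logicalId, res] of Object.entries(template.Resources || {})) {
    if (res.Type !== 'AWS::Lambda::Function') continue;
    const vpc = (res.Properties || {}).VpcConfig;
    if (!vpc) {
      findings.push({ logicalId, problem: 'no VpcConfig' });
      continue;
    }
    for (const key of REQUIRED_VPC_KEYS) {
      const value = vpc[key];
      // A value may be a literal array or an intrinsic such as Fn::Split;
      // only absent values and empty arrays are flagged.
      if (value == null || (Array.isArray(value) && value.length === 0)) {
        findings.push({ logicalId, problem: `VpcConfig.${key} missing or empty` });
      }
    }
  }
  return findings;
}

// Constructed sample of a compiled template (logical IDs and values are made up).
const sampleTemplate = {
  Resources: {
    DeploymentBucket: { Type: 'AWS::S3::Bucket' },
    TypoLambdaFunction: { // what a misspelled vpc key leaves behind
      Type: 'AWS::Lambda::Function',
      Properties: { Handler: 'LogForwardingToSplunk.handler' },
    },
    GoodLambdaFunction: {
      Type: 'AWS::Lambda::Function',
      Properties: { VpcConfig: { SecurityGroupIds: ['sg-xxxxx'], SubnetIds: ['subnet-xxxx'] } },
    },
    EmptySubnetsLambdaFunction: {
      Type: 'AWS::Lambda::Function',
      Properties: { VpcConfig: { SecurityGroupIds: ['sg-xxxxx'], SubnetIds: [] } },
    },
  },
};

for (const f of findFunctionsOutsideVpc(sampleTemplate)) {
  console.log(`${f.logicalId}: ${f.problem}`);
}
```

Feed it the parsed JSON of the template Serverless compiles (in 1.x, `.serverless/cloudformation-template-update-stack.json`) and fail the CI job when the result is non-empty.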

Slowly learning my way through SERVERLESS. One question I have for the group: in a deployment, can serverless CREATE VPCs, subnets, and security groups? I can see here where it can be inserted into and in conjunction with those structures, but on a greenfield deployment can it actually create those AWS resources? If not, then what tool are people using to create those objects which server does not create, and how are those objects then passed to the awaiting serverless, so it can run round 2?

@jorgedlt Serverless uses CloudFormation to set up resources. Anything you can set up with CloudFormation you can add to the resources section of your serverless.yml and serverless will set it up during deployment.

Thanks Buggy - My other DEV friends have come back with the same answer so I’ll follow that advice.

As a follow-on question: since some of the foundation-based objects are to be deployed with CF and SLS would come as a second “layer”, is there a way to have SLS know about or be aware of the previous CF layer or deployment?

Therefore, being able to reference those objects by name (AWS-ID) etc. I know there is a similar mechanism in CF proper, where one CF deployment can reference previous CF deployments, similar to this -> https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/walkthrough-crossstackref.html