It seems that currently you can only specify subnet and security group ids while specifying Lambda’s VPC configuration:
You can add VPC configuration to a specific function in serverless.yml by adding a vpc object property in the function configuration. This object should contain the subnetIds array properties needed to construct VPC for this function.
My assumption is it’s using the default VPC. But what if I want to create a custom VPC first, and then assign it to my Lambda function just like in the Lambda Management Console?
Can I use something like:
If it’s not supported is there any plan to implement it in near future?
VPCs are composed of “Subnets” which specify a block of IP addresses within that VPC and live in a specific Availability Zone. When you are assigning a lambda function to a specific subnet, you are also assigning the lambda function to the larger VPC.
Even in the lambda console you also have to pick specific subnets to assign your lambda function to:
Sorry, but I don’t get your response. In the console you specify VPC id, subnets and security groups.
By looking at serverless API it seems you can only specify subnets and security groups. Which VPC is it going to use? Is it going to be default? How do I specify my custom one?
You can notice VPC dropdown on your screenshot.
Subnets are already linked to a specific (custom) VPC when you create them.
The reason the Lambda Console gives you the option to select a VPC is so that it can conveniently display the available subnets within that VPC (that are already created).
For example, when you create a custom VPC A, you will then have to create a Subnet Z. When you create Subnet Z, you will specify that it belongs to VPC A.
So serverless.yml doesn’t let you specify a specific VPC because it already knows the VPC from the Subnet that you specify. Subnets belong to a VPC – a Subnet cannot belong to multiple VPCs.
This also means that if you specify multiple Subnets, they must both belong to the same VPC.
Ah, that makes sense. This is really helpful information. I did not know that a subnet cannot belong to multiple VPCs, that’s why I got confused. Thank you!
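An added example (not posted by anyone in this thread) of the setup the answer describes: a custom VPC created in the same serverless.yml, with the function attached to it only through its subnets and security group. The service, function and resource names, the runtime, and the CIDR blocks are assumptions chosen for illustration.

```yaml
# Added example; all names, the runtime and the CIDR ranges are assumptions.
service: vpc-example

provider:
  name: aws
  runtime: nodejs20.x

functions:
  hello:
    handler: handler.hello
    vpc:
      # There is no VPC id key here: the VPC is implied by the subnets.
      securityGroupIds:
        - Fn::GetAtt: [LambdaSecurityGroup, GroupId]
      subnetIds:
        - Ref: PrivateSubnetA
        - Ref: PrivateSubnetB

resources:
  Resources:
    CustomVpc:
      Type: AWS::EC2::VPC
      Properties:
        CidrBlock: 10.0.0.0/16
    # Each subnet names its single parent VPC when it is created.
    PrivateSubnetA:
      Type: AWS::EC2::Subnet
      Properties:
        VpcId: { Ref: CustomVpc }
        CidrBlock: 10.0.1.0/24
        AvailabilityZone: { "Fn::Select": [0, { "Fn::GetAZs": "" }] }
    PrivateSubnetB:
      Type: AWS::EC2::Subnet
      Properties:
        VpcId: { Ref: CustomVpc }
        CidrBlock: 10.0.2.0/24
        AvailabilityZone: { "Fn::Select": [1, { "Fn::GetAZs": "" }] }
    # The security group must be in the same VPC as the subnets.
    # No ingress rules are defined, so nothing can connect in to the function's ENIs.
    LambdaSecurityGroup:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: Security group for the hello function
        VpcId: { Ref: CustomVpc }
```

Subnets like these have no route to the internet, so the function reaches only resources inside the VPC unless a NAT gateway or VPC endpoints are added.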