Deploy single function to a VPC

hello, i have a project where one of the functions needs to communicate to an EC2 instance in a VPC, what is the correct way to enable this?

how do i set it up just for one of the functions, instead of being global?

would i have to create a separate resource, such as

    Type: AWS::Serverless::Function
        - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
      CodeUri: src/handlers/sample-func1
          - sg-808e4df9

within my serverless.yml?

this function would also need access to S3, in this case i would need NAT on the VPC for the function to be able to connect to S3 or is there a different way to approach this?

basically my use case is that i have an S3 bucket that triggers an event on an upload, this then has couple of steps and on one of the steps i have a function that needs to send files to an FTP ec2 instance that is in the VPC so that these files can be consumed by a legacy system.

any advice is much appreciated