How to deploy a lambda without vpc when the default vpc is set in the provider object and used for all the other lambdas

Hi all,

I use serverless to deploy multiple AWS lambdas with the same vpc; the vpc is currently configured in the provider object as defined in the documentation.

I would like to add a new lambda without vpc but I am unsure about the configuration:
I want to keep the default vpc in the provider object and only specify that no vpc is set for the new lambda.

Is it possible? Or should I set the vpc property for each lambda?

Thanks in advance for your help and answers!

I’d like to do this too. Most of my functions need to sit in a VPC so they can talk to RDS, but one needs to talk to SES, so needs to be outside the VPC.

Having a whole separate stack for this seems overkill, but as they’ll need to use SNS to communicate anyway, maybe no bad thing?

I have the same requirements for some of my applications: some Lambdas need to be part of the same VPC, while others must not be part of any VPC at all.

What I have been doing so far, and what has worked well for me, is to define the VPC configuration in a custom settings section of my serverless.yml file and reference this for all the Lambdas that need to be part of the VPC. The Lambdas that do not need to be part of a VPC simply do not reference the configuration.

Note that this method means that no VPC configuration is set at the provider level.

For instance:

custom:
  vpc: # Define custom VPC configuration
    securityGroupIds:
      - securityGroupId1
      - securityGroupId2
    subnetIds:
      - subnetId1
      - subnetId2

functions:
  hello:
    handler: handler.hello
    vpc: ${self:custom.vpc} # Use the configuration defined above for the VPC
  helloAgain:
    handler: handler.helloAgain
    # Do not include any VPC configuration

Note that you can create more than one VPC configuration with this method, in case you need different Lambdas to be part of different VPCs.

Hope this helps! :slight_smile:

So the steps seem to be, after modifying the serverless.yml as above :slight_smile:

  • create an SNS endpoint in the VPC (use the AWS console)
  • from a function declared as being in the VPC, you do
    const aws = require('aws-sdk'); // AWS SDK for JavaScript v2
    // point the client at the SNS endpoint created in the VPC
    const sns = new aws.SNS({endpoint:'https://.....'});
    await sns.publish( {
      Message: 'MESSAGE_TEXT',
      TopicArn: 'TOPIC_ARN'
    } ).promise()
  • for a function declared as outside the VPC, in serverless.yml give
    events:
        - sns: TOPIC_ARN

and it gets run

Using SES from a function outside the VPC just works, so this is a good approach, just a shame about the boilerplate “VPC” added to each “normal” function rather than being able to say “vpc:none” on the one special one.


Based on Serverless Framework - AWS Lambda Functions, we can simply set the vpc value for no vpc functions to ~ (null)
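The pieces from this thread combined into one serverless.yml, as an added example that was not posted by any participant: the VPC stays at the provider level as the original question asked, and the one function that must run outside it opts out with the null value mentioned in the last reply. The service name, function names, handlers, security group and subnet IDs and TOPIC_ARN are placeholders.

```yaml
# Added example: every name and ID below is a placeholder, not a real deployment.
service: vpc-optout-example          # hypothetical service name

provider:
  name: aws
  vpc:                               # default VPC settings inherited by every function
    securityGroupIds:
      - securityGroupId1             # placeholder
      - securityGroupId2             # placeholder
    subnetIds:
      - subnetId1                    # placeholder
      - subnetId2                    # placeholder

functions:
  saveOrder:                         # hypothetical: inherits provider.vpc, so it can reach RDS
    handler: handler.saveOrder       # publishes to the topic through the SNS endpoint in the VPC

  sendMail:                          # hypothetical: must talk to SES
    handler: handler.sendMail
    vpc: ~                           # null overrides provider.vpc: this function gets no VPC config
    events:
      - sns: TOPIC_ARN               # placeholder: triggered by messages from the in-VPC function
```

Running `serverless package` and checking which Lambda function resources in the generated CloudFormation template carry a `VpcConfig` property shows, before anything is deployed, which functions will run inside the VPC and which will not.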