I have the same requirements for some of my applications: some Lambdas need to be part of the same VPC, while others must not be part of any VPC at all.
What I have being doing so far and has worked well for me is to define the VPC configuration in a custom settings section of my serverless.yml file and reference this for all the Lambdas that need to be part of the VPC. The Lambdas that do not need to be part of a VPC simply do not reference the configuration.
Note that this method involves that no VPC configuration is set at the provider level.
For instance:
custom:
vpc: # Define custom VPC configuration
securityGroupIds:
- securityGroupId1
- securityGroupId2
subnetIds:
- subnetId1
- subnetId2
functions:
hello:
handler: handler.hello
vpc: ${self:custom.vpc} # Use the configuration defined above for the VPC
helloAgain:
handler: handler.helloAgain
# Do not include any VPC configuration
Note that you can create one than one VPC configuration with this method, in case you need different Lambdas to be part of different VPCs.
Hope this helps! 