I’m trying to deploy a Lambda function that can download a file from S3 to EFS upon an S3 object being uploaded to a given bucket. This is what I have for my serverless.yml file so far, but when I try to deploy it, I get the error:
Function "cfnTrigger": when using fileSystemConfig, ensure that function has vpc configured on function or provider level
serverless.yml:
```yaml
service: cfn-trigger-test
frameworkVersion: '2'

provider:
  name: aws
  runtime: python3.8
  stage: dev
  region: us-west-2
  vpc:
    securityGroupIds:
      - sg-XXXXXXXXXX
      - sg-XXXXXXXXXX
      - sg-XXXXXXXXXX
    subnetdIds:
      - subnet-XXXXXXXX

functions:
  cfnTrigger:
    handler: handler.download_files_to_efs
    description: Lambda to download S3 file to EFS folder.
    events:
      - s3:
          bucket: cfn-trigger-test
          event: s3:ObjectCreated:*
          existing: true
    fileSystemConfig:
      localMountPath: /mnt/efs
      arn: arn:aws:elasticfilesystem:us-west-2:XXXXXX:access-point/fsap-XXXXX
    iamRoleStatements:
      - Effect: "Allow"
        Action:
          - states:*
        Resource: "*"
      - Effect: Allow
        Action:
          - elasticfilesystem:ClientMount
          - elasticfilesystem:ClientWrite
          - elasticfilesystem:ClientRootAccess
        Resource:
          - arn:aws:elasticfilesystem:us-west-2:XXXXX:file-system/fs-XXXXXX

plugins:
  - serverless-step-functions
  - serverless-iam-roles-per-function

package:
  individually: true
  exclude:
    - '**/*'
  include:
    - handler.py
```
Any ideas as to where this VPC issue is coming from? The list of Security Groups I’ve included here represents the set of the Security Groups allocated to EFS and the instance it has been mounted to.
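
As an added example (not part of the original post, and not the Serverless Framework's own code), here is a small pre-deploy lint that models the check behind this error: a function with `fileSystemConfig` must resolve both `securityGroupIds` and `subnetIds` under `vpc`, at function or provider level. The function names and the dict-shaped sample (standing in for the parsed YAML) are assumptions; the lint also reports near-miss key names, such as the `subnetdIds` key in the config above, which a YAML loader accepts silently.

```python
import difflib

# Keys the Serverless Framework documents under `vpc` (function or provider level).
VPC_KEYS = ("securityGroupIds", "subnetIds")

def resolve_vpc(provider, function):
    """Assumed resolution order: a function-level value overrides the provider's."""
    merged = {}
    for key in VPC_KEYS:
        value = (function.get("vpc") or {}).get(key) or (provider.get("vpc") or {}).get(key)
        if value:
            merged[key] = value
    return merged

def lint_efs_functions(config):
    """Return one finding per function that sets fileSystemConfig without a full vpc."""
    findings = []
    provider = config.get("provider", {})
    for name, function in config.get("functions", {}).items():
        if "fileSystemConfig" not in function:
            continue  # no EFS mount, so no VPC requirement from this check
        missing = [k for k in VPC_KEYS if k not in resolve_vpc(provider, function)]
        if not missing:
            continue
        finding = f"{name}: fileSystemConfig set but vpc lacks {', '.join(missing)}"
        # Unknown keys that nearly match a missing one are probably typos.
        for level, block in (("provider", provider), (name, function)):
            for key in (block.get("vpc") or {}):
                close = difflib.get_close_matches(key, missing, n=1, cutoff=0.8)
                if key not in VPC_KEYS and close:
                    finding += f"; {level}.vpc.{key} looks like a misspelling of {close[0]}"
        findings.append(finding)
    return findings

# Constructed sample mirroring the structure of the config in the post (IDs are placeholders).
SAMPLE = {
    "provider": {"vpc": {"securityGroupIds": ["sg-XXXXXXXXXX"],
                         "subnetdIds": ["subnet-XXXXXXXX"]}},
    "functions": {"cfnTrigger": {
        "handler": "handler.download_files_to_efs",
        "fileSystemConfig": {"localMountPath": "/mnt/efs",
                             "arn": "arn:aws:elasticfilesystem:us-west-2:XXXXXX:access-point/fsap-XXXXX"},
    }},
}

if __name__ == "__main__":
    for line in lint_efs_functions(SAMPLE):
        print(line)
```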