aws-lambda: VpcConfig is not configured for Lambda Function without specifying Vpc prop #26508

@longtv2222

Describe the bug

Specifying securityGroups without specifying the vpc prop in a Lambda Function leads to VpcConfig not being added to the generated CloudFormation template.

Expected Behavior

VpcConfig is added to Lambda Function:

  "functionF19B1A04": {
   "Type": "AWS::Lambda::Function",
   "Properties": {
    "Code": {
     "ZipFile": "..."
    },
    "Handler": "index.handler",
    "Role": {
     "Fn::GetAtt": [
      "functionServiceRoleEF216095",
      "Arn"
     ]
    },
    "Runtime": "nodejs18.x",
    "VpcConfig": { // VpcConfig is added here
        ...
    }
   },
   "DependsOn": [
    ...
   ]

Current Behavior

VpcConfig is not in the Lambda Function:

  "functionF19B1A04": {
   "Type": "AWS::Lambda::Function",
   "Properties": {
    "Code": {
     "ZipFile": "..."
    },
    "Handler": "index.handler",
    "Role": {
     "Fn::GetAtt": [
      "functionServiceRoleEF216095",
      "Arn"
     ]
    },
    "Runtime": "nodejs18.x"
   },
   "DependsOn": [
    "functionServiceRoleEF216095"
   ],
   "Metadata": {
    "aws:cdk:path": "TestStack/function/Resource"
   }
  },

Reproduction Steps

The following code does not add VpcConfig to CloudFormation template for Lambda function:

import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as ec2 from 'aws-cdk-lib/aws-ec2'
import * as lambda from 'aws-cdk-lib/aws-lambda';

export class TestStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const vpc = new ec2.Vpc(this, "vpc");
    const sg = new ec2.SecurityGroup(this, "sg", {
      vpc
    });

    const fn = new lambda.Function(this, 'function', {
      runtime: lambda.Runtime.NODEJS_18_X,
      handler: 'index.handler',
      code: lambda.Code.fromInline("..."),
      securityGroups:[sg],
    });
  }
}

However, after adding vpc to the props, VpcConfig is added to the CloudFormation template:

    const fn = new lambda.Function(this, 'function', {
      runtime: lambda.Runtime.NODEJS_18_X,
      handler: 'index.handler',
      code: lambda.Code.fromInline("..."),
      securityGroups:[sg],
      vpc, // Add vpc to prop
    });

Possible Solution

securityGroup (no s) is deprecated, and CDK is not throwing an error if securityGroups is specified and vpc is not specified:

if ((props.securityGroup || props.allowAllOutbound !== undefined) && !props.vpc) {
  throw new Error('Cannot configure \'securityGroup\' or \'allowAllOutbound\' without configuring a VPC');
}

Additional Information/Context

No response

CDK CLI Version

2.87.0

Framework Version

No response

Node.js Version

18

OS

Windows

Language

TypeScript

Language Version

No response

Other information

No response
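A check a team could run in CI over the synthesized template to catch a function that silently lands outside the VPC, as described in this issue. This is an added example, not code from the issue or from aws-cdk; the function names, the sample builder and the placeholder logical IDs (`vpc`, `ExampleSubnetA`) are assumptions, and the template is assumed to be already parsed from JSON.

```typescript
// Added example (not CDK code): flag Lambda functions synthesized without VpcConfig.
interface CfnResource { Type: string; Properties?: Record<string, unknown>; }
interface CfnTemplate { Resources?: Record<string, CfnResource>; }

// A list property counts as populated if it is a non-empty array or an
// intrinsic-function object (for example Fn::Split) resolved at deploy time.
function isPopulated(value: unknown): boolean {
  if (Array.isArray(value)) return value.length > 0;
  return typeof value === 'object' && value !== null;
}

// Logical IDs of AWS::Lambda::Function resources with no usable VpcConfig.
function lambdasOutsideVpc(template: CfnTemplate): string[] {
  const resources = template.Resources ?? {};
  const flagged: string[] = [];
  for (const logicalId of Object.keys(resources)) {
    const res = resources[logicalId];
    if (!res || res.Type !== 'AWS::Lambda::Function') continue;
    const vpc = res.Properties?.['VpcConfig'] as Record<string, unknown> | undefined;
    if (!vpc || !isPopulated(vpc['SubnetIds']) || !isPopulated(vpc['SecurityGroupIds'])) {
      flagged.push(logicalId);
    }
  }
  return flagged.sort();
}

// Constructed sample shaped like the issue's synthesized function resource;
// pass a VpcConfig to model the output once the vpc prop is set.
function sampleTemplate(vpcConfig?: Record<string, unknown>): CfnTemplate {
  const props: Record<string, unknown> = { Handler: 'index.handler', Runtime: 'nodejs18.x' };
  if (vpcConfig) props['VpcConfig'] = vpcConfig;
  return {
    Resources: {
      sg: { Type: 'AWS::EC2::SecurityGroup', Properties: { VpcId: { Ref: 'vpc' } } },
      functionF19B1A04: { Type: 'AWS::Lambda::Function', Properties: props },
    },
  };
}

// Placeholder references, not real logical IDs from the issue.
const exampleVpcConfig = {
  SubnetIds: [{ Ref: 'ExampleSubnetA' }],
  SecurityGroupIds: [{ 'Fn::GetAtt': ['sg', 'GroupId'] }],
};

console.log(lambdasOutsideVpc(sampleTemplate()), lambdasOutsideVpc(sampleTemplate(exampleVpcConfig)));
```

The security group resource still appears in the template in the failing case, so checking for its presence alone does not show that the function is attached to it.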

Labels

@aws-cdk/aws-lambda (Related to AWS Lambda), bug (This issue is a bug.), effort/medium (Medium work item – several days of effort), p2
