Possible to reference a Security Group being created?
corydorning53 opened this issue · comments
In my serverless.yml I create the following security group in the resources section:

    resources:
      Resources:
        MySecurityGroup:
          Type: AWS::EC2::SecurityGroup
          Properties:
            GroupDescription: Allow all outbound traffic, no inbound for Lambdas
            SecurityGroupEgress:
              - IpProtocol: tcp
                FromPort: 443
                ToPort: 443
                CidrIp: 0.0.0.0/0
            VpcId: ${self:custom.${self:provider.stage}.vpcId}

Then in my functions I reference it as:

    functions:
      mylambda:
        handler: api/my.lambda
        runtime: nodejs14.x
        vpc:
          securityGroupIds:
            - Ref: MySecurityGroup

This has the side effect of giving the following configuration warning, even though it's not really an issue, because I reference the subnets in the custom.vpcDiscovery:

    Serverless: Configuration warning:
    Serverless: at 'functions.myLambda.vpc': should have required property 'subnetIds'

So I was wondering if I could remove the vpc.securityGroupIds altogether and just reference MySecurityGroup in the plugin config:

    vpcDiscovery:
      vpcName: ${self:custom.tk.vpc}
      subnets:
        - tagKey: Name
          tagValues:
            - app_sn_0
            - app_sn_1
            - app_sn_2
      securityGroups:
        - Ref: MySecurityGroup

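Added example (not part of the original issue, the Serverless Framework or the plugin): a pre-deploy check that resolves each function's `Ref` security group against `resources.Resources` and lists what the group actually permits. The helper name `auditVpcConfig`, the parsed-object input and the `vpc-PLACEHOLDER` value are assumptions made for illustration.

```javascript
// Constructed input: the issue's serverless.yml snippets, already parsed into an object.
// The VpcId variable from the page is replaced by a placeholder.
const config = {
  resources: { Resources: { MySecurityGroup: {
    Type: 'AWS::EC2::SecurityGroup',
    Properties: {
      GroupDescription: 'Allow all outbound traffic, no inbound for Lambdas',
      SecurityGroupEgress: [{ IpProtocol: 'tcp', FromPort: 443, ToPort: 443, CidrIp: '0.0.0.0/0' }],
      VpcId: 'vpc-PLACEHOLDER',
    },
  } } },
  functions: { mylambda: { handler: 'api/my.lambda', vpc: { securityGroupIds: [{ Ref: 'MySecurityGroup' }] } } },
};

// Hypothetical helper (not a Serverless or plugin API): audit each function's vpc block.
function auditVpcConfig(cfg) {
  const findings = [];
  const resources = (cfg.resources && cfg.resources.Resources) || {};
  for (const [name, fn] of Object.entries(cfg.functions || {})) {
    if (!fn.vpc) continue;
    const where = `functions.${name}.vpc`;
    // subnetIds is the property the configuration warning on this page names.
    if (!Array.isArray(fn.vpc.subnetIds)) findings.push(`${where}: no static subnetIds`);
    for (const sg of fn.vpc.securityGroupIds || []) {
      if (typeof sg === 'string' || !sg.Ref) continue; // literal id or other intrinsic
      const target = resources[sg.Ref];
      if (!target || target.Type !== 'AWS::EC2::SecurityGroup') {
        findings.push(`${where}: Ref ${sg.Ref} is not a security group in resources.Resources`);
        continue;
      }
      const props = target.Properties || {};
      const egress = props.SecurityGroupEgress || [];
      findings.push(`${sg.Ref}: ${(props.SecurityGroupIngress || []).length} ingress rule(s)`);
      // With no egress list, EC2 keeps its default rule allowing all outbound traffic.
      if (egress.length === 0) findings.push(`${sg.Ref}: egress all traffic (default rule)`);
      for (const r of egress) {
        const dest = r.CidrIp || r.CidrIpv6 || 'non-CIDR destination';
        const open = dest === '0.0.0.0/0' || dest === '::/0';
        findings.push(`${sg.Ref}: egress ${r.IpProtocol} ${r.FromPort}-${r.ToPort} to ${dest}${open ? ' (any destination)' : ''}`);
      }
    }
  }
  return findings;
}

console.log(auditVpcConfig(config).join('\n'));
```

For the group defined above, the output shows only tcp/443 egress and no ingress: listing SecurityGroupEgress in the template replaces the default allow-all outbound rule, so the effective policy is narrower than the GroupDescription text suggests.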
I have the exact same case: the SG is created with the Serverless Framework, and I want the serverless-vpc-discovery plugin to discover subnets only.
Any plans to implement this? Asking because if I add configValidationMode: error to my serverless.yml it breaks.
Bumping this issue... as it still persists and Serverless v3 has been released.
Same issue here, I am also using this plugin to discover subnets of an existing VPC, but defining a security group as a resource and I get the same validation warning.
Bonus, it would also be really nice to get access to the resolved VPC ID from this plugin, so that you don't have to define both a VPC name for auto-discovery and a VPC ID that needs to be referenced in the SG resource.
@corydorning I know it was a year ago now, but did you find a way to work with this?