serverless: deploy lambda function with vpc apparently fails silently
This is a (Bug Report / Feature Proposal)
Bug Report
Description
When deploying some functions into a VPC using the AWS provider, my ‘vpc’ block appears to be entirely ignored.
Maybe this is all a misconfiguration somewhere, but the docs for vpc usage are pretty sparse.
For bug reports:
- What went wrong? I defined a vpc block for a number of functions (3 of them, specifically) as follows:
vpc:
  SecurityGroupIds:
    - { "Ref" : "vpcSecurityGroup"}
  SubnetIds:
    - { "Ref": "esSubnet" }
The VPC, subnet, and security group are defined in my serverless.yml as follows:
AWSLambdaVPCAccessExecutionRole:
  Type: AWS::IAM::ManagedPolicy
  Properties:
    Description: Creating policy for vpc connetion.
    Roles:
      - {"Ref" : "IamRoleLambdaExecution"}
    PolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Action:
            - ec2:CreateNetworkInterface
            - ec2:DescribeNetworkInterfaces
            - ec2:DeleteNetworkInterface
          Resource: "*"
serviceVPC:
  Type: "AWS::EC2::VPC"
  Properties:
    CidrBlock: "10.0.0.0/16"
    InstanceTenancy: default
vpcSecurityGroup:
  Type: "AWS::EC2::SecurityGroup"
  Properties:
    GroupName: secgrp-${self:service}-${opt:stage, self:provider.stage}
    GroupDescription: "security group for vpc"
    VpcId: { "Ref": "serviceVPC" }
    SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: '0'
        ToPort: '65535'
daxSubnet: #for later
  Type: "AWS::EC2::Subnet"
  Properties:
    CidrBlock: "10.0.0.0/24"
    VpcId: { "Ref": "serviceVPC" }
esSubnet:
  Type: "AWS::EC2::Subnet"
  Properties:
    CidrBlock: "10.0.1.0/24"
    VpcId: { "Ref": "serviceVPC" }
- What did you expect should have happened? I expected the vpc configuration to be put on the functions.
- What was the config you used?
- What stacktrace or error message from your provider did you see? No error message. Instead, the functions are created with VPC configuration information.
Additional Data
I am using the serverless-domain-manager plugin and the serverless-split-stacks plugin. No other plugins.
- Serverless Framework Version you’re using: 1.25.0
- Operating System: MacOS High Sierra
- Stack Trace: None given
- Provider Error messages: None given
About this issue
- State: open
- Created 6 years ago
- Reactions: 3
- Comments: 18 (4 by maintainers)
I’m experiencing this problem too. Can anyone spot any issues with the yaml here?
@DrakkenSaer you also have subnetdIds instead of subnetIds
Thanks for the quick response! I got my problem figured out… there’s a typo in my yml, and looking at the code if one of the properties in the vpc object is missing then the whole vpc section will be ignored.
I suggest the serverless tool to throw an error if vpc object is detected but there are missing properties. Thanks!
I have been fighting with a similar issue about this, if you do not specify a Security group then it will not add the subnet, and it won’t fail, and won’t complain, simply ignore all.
A small tip, remember always to check the generated .serverless JSON to see if your stuff is in there.
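The fail-fast check suggested above, combined with the tip about inspecting the generated template, as an added example that is not part of the thread or of the Serverless code base. It assumes the vpc block and the generated CloudFormation JSON have already been parsed into Python dicts; the function names in the sample data are constructed.

```python
import json

# Keys the Serverless Framework AWS provider reads from a `vpc` block.
REQUIRED_VPC_KEYS = {"securityGroupIds", "subnetIds"}


def vpc_block_problems(vpc):
    """Return problems found in a parsed serverless.yml `vpc` mapping."""
    problems = []
    for key in sorted(REQUIRED_VPC_KEYS - set(vpc)):
        problems.append(f"missing key: {key}")
    for key in sorted(set(vpc) - REQUIRED_VPC_KEYS):
        problems.append(f"unrecognised key: {key}")
    for key in sorted(REQUIRED_VPC_KEYS & set(vpc)):
        if not vpc[key]:
            problems.append(f"empty list: {key}")
    return problems


def functions_without_vpc(template):
    """Return logical IDs of Lambda functions lacking a complete VpcConfig
    in a generated CloudFormation template (parsed JSON)."""
    missing = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Lambda::Function":
            continue
        cfg = res.get("Properties", {}).get("VpcConfig") or {}
        if not (cfg.get("SecurityGroupIds") and cfg.get("SubnetIds")):
            missing.append(logical_id)
    return sorted(missing)


# Constructed sample: the typo discussed in the thread, and a generated
# template in which one function ended up without VPC settings.
SAMPLE_VPC = {"securityGroupIds": [{"Ref": "vpcSecurityGroup"}],
              "subnetdIds": [{"Ref": "esSubnet"}]}
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "IndexLambdaFunction": {"Type": "AWS::Lambda::Function",
    "Properties": {"Handler": "index.handler"}},
  "SearchLambdaFunction": {"Type": "AWS::Lambda::Function",
    "Properties": {"VpcConfig": {
      "SecurityGroupIds": [{"Ref": "vpcSecurityGroup"}],
      "SubnetIds": [{"Ref": "esSubnet"}]}}},
  "esSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {}}
}}
""")

if __name__ == "__main__":
    print(vpc_block_problems(SAMPLE_VPC))
    print(functions_without_vpc(SAMPLE_TEMPLATE))
```

Running the second check against the packaged template in CI, before deploy, turns a function that silently landed outside the VPC into a build failure.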
I don’t know where that extra d is coming in examples across people, I had the same issue. Serverless was silently failing for this, it should fail fast. I copied this code snippet from one of the existing projects, it seems they’re not aware of this issue for the past 6 months. It should be definitely fixed.
@rishimittal, it’s not an indentation issue; rather a typo:
subnetIds instead of subnetdIds 😄 Should be as follows:
You might also want to double-check the indentation, since YAML can be picky about it.