How to toggle VPC configuration per stage?

Someone asked on the Serverless forum how to implement this, which is why I wanted to write this post describing how to toggle VPC configuration per stage. I hope it helps you and saves you time 🙂

If you are using the Serverless Framework to build your application on AWS, you may want to run your Lambda functions inside your private VPC to protect them and hide them from the world. But sometimes you might want to run your functions without a VPC, such as in non-production environments.

VPC on AWS Lambda

Basically, we can disable the VPC configuration for a Lambda function by either:

  • Omitting the vpc property in the provider configuration.
  • Or setting both securityGroupIds and subnetIds to an empty array.

Based on the above logic, we can define a property in the custom section as below:

custom:
  vpc:
    dev:
      # If you don't want to run Lambda under a VPC, just give it an empty array
      securityGroupIds: []
      subnetIds: []

    # You can add more stages here

    prod:
      securityGroupIds:
        Fn::Split:
          - ','
          - ${file(secrets.${self:provider.stage}.yml):VPC_SECURITY_GROUP_IDS}
      subnetIds:
        Fn::Split:
          - ','
          - ${file(secrets.${self:provider.stage}.yml):VPC_SUBNET_IDS}

Then you can update the provider config like this:

provider:
  name: aws
  ...
  vpc: ${self:custom.vpc.${self:provider.stage}}

With the above configuration, deploying to the dev stage will not add your Lambda functions to a VPC, but deploying to the prod stage will add them to your desired VPC.
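A pre-deploy guard for this toggle, as an added example that is not part of the original post or its repo: it classifies the resolved provider.vpc block using the two "disabled" conditions listed earlier and flags a stage that must stay in the VPC when its configuration disables it. `VPC_REQUIRED_STAGES`, the function names and the sample IDs are assumptions; the input is assumed to be the resolved configuration loaded as a dict (for instance parsed from `serverless print --format json`).

```python
# Stages that must always run inside a VPC (assumption for this example).
VPC_REQUIRED_STAGES = {"prod"}

def resolve_ids(value):
    """Return the IDs from a plain list or from Fn::Split over a delimited string."""
    if isinstance(value, dict) and "Fn::Split" in value:
        delimiter, joined = value["Fn::Split"]
        value = joined.split(delimiter)
    if not isinstance(value, list):
        return []
    return [v.strip() for v in value if isinstance(v, str) and v.strip()]

def vpc_state(config):
    """Classify provider.vpc as 'enabled', 'disabled' or 'inconsistent'."""
    vpc = config.get("provider", {}).get("vpc")
    if not vpc:
        return "disabled"  # vpc property omitted
    groups = resolve_ids(vpc.get("securityGroupIds"))
    subnets = resolve_ids(vpc.get("subnetIds"))
    if groups and subnets:
        return "enabled"
    if not groups and not subnets:
        return "disabled"  # both arrays empty, including a blank secret value
    return "inconsistent"  # only one of the two is populated

def check_stage(config):
    """Return a list of problems; an empty list means the stage may be deployed."""
    stage = config.get("provider", {}).get("stage")
    state = vpc_state(config)
    if state == "inconsistent":
        return [f"{stage}: only one of securityGroupIds/subnetIds is set"]
    if state == "disabled" and stage in VPC_REQUIRED_STAGES:
        return [f"{stage}: VPC is required but the resolved config disables it"]
    return []

def sample(stage, groups, subnets):
    """Build a constructed config in the shape of the page's resolved provider block."""
    vpc = {"securityGroupIds": groups, "subnetIds": subnets}
    return {"provider": {"stage": stage, "vpc": vpc}}

# Constructed sample inputs (IDs are placeholders, not real resources).
DEV = sample("dev", [], [])
PROD_OK = sample("prod", {"Fn::Split": [",", "sg-0aaa,sg-0bbb"]},
                 {"Fn::Split": [",", "subnet-0ccc,subnet-0ddd"]})
PROD_BLANK_SECRET = sample("prod", {"Fn::Split": [",", ""]}, {"Fn::Split": [",", ""]})

if __name__ == "__main__":
    for cfg in (DEV, PROD_OK, PROD_BLANK_SECRET):
        print(cfg["provider"]["stage"], vpc_state(cfg), check_stage(cfg))
```

Running it in CI before the deploy step catches a prod secrets file whose VPC values are blank, which would otherwise resolve to the same shape as the dev toggle.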

You can refer to some plugins I added in the serverless.yml file; they can be used to create your VPC automatically or discover it from the AWS account.

If you want to give it a try, you can check out our repo on GitHub.

Should you run into issues while practicing the steps outlined in this article, I encourage you to reach out to me. You can get in touch with me through my Twitter handle @hoangleitvn

About Author:

Co-Founder & CTO at @innomizetech | AWS Certified Solution Architect | Dream Big - Think Big - Do Big
