Skip to content

Instantly share code, notes, and snippets.

@codecitizen
Created November 22, 2018 20:42
Show Gist options
  • Save codecitizen/47073231d781979baec47148e40ab38b to your computer and use it in GitHub Desktop.
Save codecitizen/47073231d781979baec47148e40ab38b to your computer and use it in GitHub Desktop.
A serverless.yml file configuring a AWS ElastiCache redis instance that is accessible by all AWS Lambda functions deployed by this serverless function.
service: my-service
provider:
name: aws
runtime: nodejs8.10
stage: ${opt:stage, 'dev'}
environment:
REDIS_HOST:
"Fn::GetAtt": [ElasticCacheCluster, RedisEndpoint.Address]
functions:
trigger:
handler: src/serverless.trigger
vpc:
securityGroupIds:
- "Fn::GetAtt": ServerlessSecurityGroup.GroupId
subnetIds:
- Ref: PrivateSubnetA
events:
- http: POST /trigger
status:
handler: src/serverless.getStatus
vpc:
securityGroupIds:
- "Fn::GetAtt": ServerlessSecurityGroup.GroupId
subnetIds:
- Ref: PrivateSubnetA
events:
- http: GET /status
transform:
handler: src/serverless.transform
vpc:
securityGroupIds:
- "Fn::GetAtt": ServerlessSecurityGroup.GroupId
subnetIds:
- Ref: PrivateSubnetA
resources:
Resources:
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: "10.0.0.0/16"
IP:
Type: AWS::EC2::EIP
Properties:
Domain: vpc
InternetGateway:
Type: AWS::EC2::InternetGateway
VPCGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId:
Ref: VPC
InternetGatewayId:
Ref: InternetGateway
NatGateway:
Type: AWS::EC2::NatGateway
Properties:
AllocationId:
Fn::GetAtt:
- IP
- AllocationId
SubnetId:
Ref: PublicSubnetA
PrivateSubnetA:
DependsOn: VPC
Type: AWS::EC2::Subnet
Properties:
VpcId:
Ref: VPC
AvailabilityZone: ${self:provider.region}a
CidrBlock: "10.0.1.0/24"
PublicSubnetA:
DependsOn: VPC
Type: AWS::EC2::Subnet
Properties:
VpcId:
Ref: VPC
AvailabilityZone: ${self:provider.region}a
CidrBlock: "10.0.2.0/24"
PrivateRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId:
Ref: VPC
PrivateRoute:
Type: AWS::EC2::Route
Properties:
RouteTableId:
Ref: PrivateRouteTable
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId:
Ref: NatGateway
PublicRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId:
Ref: VPC
PublicRoute:
Type: AWS::EC2::Route
Properties:
RouteTableId:
Ref: PublicRouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId:
Ref: InternetGateway
SubnetRouteTableAssociationLambdaPrivateA:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId:
Ref: PrivateSubnetA
RouteTableId:
Ref: PrivateRouteTable
SubnetRouteTableAssociationLambdaPublicA:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId:
Ref: PublicSubnetA
RouteTableId:
Ref: PublicRouteTable
ServerlessSecurityGroup:
DependsOn: VPC
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: SecurityGroup for Serverless Functions
VpcId:
Ref: VPC
ServerlessStorageSecurityGroup:
DependsOn: VPC
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Ingress for Redis Cluster
VpcId:
Ref: VPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '6379'
ToPort: '6379'
SourceSecurityGroupId:
Ref: ServerlessSecurityGroup
ServerlessCacheSubnetGroup:
Type: AWS::ElastiCache::SubnetGroup
Properties:
Description: "Cache Subnet Group"
SubnetIds:
- Ref: PrivateSubnetA
ElasticCacheCluster:
DependsOn: ServerlessStorageSecurityGroup
Type: AWS::ElastiCache::CacheCluster
Properties:
AutoMinorVersionUpgrade: true
Engine: redis
CacheNodeType: ${self:custom.config.CACHE_INSTANCE_SIZE}
NumCacheNodes: 1
VpcSecurityGroupIds:
- "Fn::GetAtt": ServerlessStorageSecurityGroup.GroupId
CacheSubnetGroupName:
Ref: ServerlessCacheSubnetGroup
custom:
config:
CACHE_INSTANCE_SIZE: cache.t2.micro
@SeaGuy
Copy link

SeaGuy commented Jul 16, 2019

Thank you - your example was very helpful.

@codecitizen
Copy link
Author

no probs :)

@antonb-via
Copy link

I use it all the time, thanks!

@avin-kavish
Copy link

uhhhh... anyway to simplyfy this to an existing elasti cache cluster?

@xgiovio
Copy link

xgiovio commented Apr 9, 2020

interesting but, why did you create also a public gateway, a public subnet, a public routing table, a public route if you don't use them?

@karocksjoelee
Copy link

I am getting :

` Error --------------------------------------------------

Error: {"errorMessage":"You're not authorized to access this resource. - Please contact support and provide this identifier to reference this issue - QVFQVQTP3V4B"}
at _callee$ (/usr/local/lib/node_modules/serverless/node_modules/@serverless/platform-sdk/src/utils/checkHttpResponse.js:19:9)
at tryCatch (/usr/local/lib/node_modules/serverless/node_modules/regenerator-runtime/runtime.js:45:40)
at Generator.invoke [as _invoke] (/usr/local/lib/node_modules/serverless/node_modules/regenerator-runtime/runtime.js:271:22)
at Generator.prototype.(anonymous function) [as next] (/usr/local/lib/node_modules/serverless/node_modules/regenerator-runtime/runtime.js:97:21)
at step (/usr/local/lib/node_modules/serverless/node_modules/@serverless/platform-sdk/dist/utils/checkHttpResponse.js:7:191)
at /usr/local/lib/node_modules/serverless/node_modules/@serverless/platform-sdk/dist/utils/checkHttpResponse.js:7:361
at process._tickCallback (internal/process/next_tick.js:68:7)

 For debugging logs, run again after setting the "SLS_DEBUG=*" environment variable.

Get Support --------------------------------------------
Docs: docs.serverless.com
Bugs: github.com/serverless/serverless/issues
Issues: forum.serverless.com

Your Environment Information ---------------------------
Operating System: darwin
Node Version: 10.16.0
Framework Version: 1.61.3
Plugin Version: 3.3.0
SDK Version: 2.3.0
Components Core Version: 1.1.2
Components CLI Version: 1.4.0`

@zodman
Copy link

zodman commented Jun 18, 2020

@sjatkins
Copy link

This is building a VPC? I already have a VPC with REDIS within it. How would I get to it? An example of that would be shorter to read through as well. :)

@jfollmann
Copy link

Thanks for share this ☺

@dheerdotk
Copy link

Getting tis warning
Warning: Invalid configuration encountered
at 'functions.trigger.vpc.securityGroupIds.0.Fn::GetAtt': must NOT have fewer than 2 items
at 'functions.status.vpc.securityGroupIds.0.Fn::GetAtt': must NOT have fewer than 2 items
at 'functions.transform.vpc.securityGroupIds.0.Fn::GetAtt': must NOT have fewer than 2 items

@brianyates
Copy link

@dheerdotk I had the same issue. Perhaps the serverless.yml syntax has changed this this was posted. I was able to get it to work by updating all the instances where Fn::GetAtt is being called with a string to calling them with an array. For example:

"Fn::GetAtt": ServerlessSecurityGroup.GroupId

should be changed to

Fn::GetAtt: [ServerlessSecurityGroup, GroupId]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment