Created
July 25, 2018 06:31
-
-
Save jincod/6bee93211b709c205f45ed4df4a1e783 to your computer and use it in GitHub Desktop.
Deploying AWS Lambda using Serverless Framework to VPC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| service: service-name | |
| custom: | |
| defaultStage: dev | |
| profiles: | |
| dev: aws-dev | |
| prod: aws-prod | |
| region: | |
| dev: eu-west-2 | |
| prod: eu-west-2 | |
| vpc: | |
| dev: | |
| securityGroupIds: | |
| - sg-xxx # SServerlessSecurityGroup | |
| subnetIds: | |
| - subnet-xxx # SubnetAPrivate | |
| - subnet-xxx # SubnetBPrivate | |
| prod: | |
| iamRoleStatements: | |
| dev: | |
| - Effect: "Allow" | |
| Action: | |
| - "ec2:CreateNetworkInterface" | |
| - "ec2:DescribeNetworkInterfaces" | |
| - "ec2:DeleteNetworkInterface" | |
| - "ec2:DetachNetworkInterface" | |
| Resource: "*" | |
| prod: | |
| provider: | |
| name: aws | |
| runtime: nodejs8.10 | |
| timeout: 60 | |
| stage: ${opt:stage, self:custom.defaultStage} | |
| profile: ${opt:profile, self:custom.profiles.${self:provider.stage}} | |
| region: ${self:custom.region.${self:provider.stage}} | |
| vpc: ${self:custom.vpc.${self:provider.stage}} | |
| iamRoleStatements: ${self:custom.iamRoleStatements.${self:provider.stage}} | |
| environment: | |
| VARIABLE_1: 'value' | |
| functions: | |
| main: | |
| handler: src/handler.main | |
| events: | |
| - schedule: cron(0 7 * * ? *) # 8 AM London time |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: 'VPC Base Infrastructure' | |
| Resources: | |
| VPC: | |
| Type: 'AWS::EC2::VPC' | |
| Properties: | |
| CidrBlock: !Sub '192.168.0.0/16' | |
| EnableDnsSupport: true | |
| EnableDnsHostnames: true | |
| InstanceTenancy: default | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '192.168.0.0/16' | |
| InternetGateway: | |
| Type: 'AWS::EC2::InternetGateway' | |
| Properties: | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '192.168.0.0/16' | |
| VPCGatewayAttachment: | |
| Type: 'AWS::EC2::VPCGatewayAttachment' | |
| Properties: | |
| VpcId: !Ref VPC | |
| InternetGatewayId: !Ref InternetGateway | |
| SubnetAPublic: | |
| Type: 'AWS::EC2::Subnet' | |
| Properties: | |
| AvailabilityZone: !Select [0, !GetAZs ''] | |
| CidrBlock: !Sub '192.168.32.0/20' | |
| MapPublicIpOnLaunch: true | |
| VpcId: !Ref VPC | |
| SubnetAPrivate: | |
| Type: 'AWS::EC2::Subnet' | |
| Properties: | |
| AvailabilityZone: !Select [0, !GetAZs ''] | |
| CidrBlock: !Sub '192.168.48.0/20' | |
| VpcId: !Ref VPC | |
| SubnetBPrivate: | |
| Type: 'AWS::EC2::Subnet' | |
| Properties: | |
| AvailabilityZone: !Select [1, !GetAZs ''] | |
| CidrBlock: !Sub '192.168.64.0/20' | |
| VpcId: !Ref VPC | |
| RouteTableAPublic: | |
| Type: 'AWS::EC2::RouteTable' | |
| Properties: | |
| VpcId: !Ref VPC | |
| RouteTableAPrivate: | |
| Type: 'AWS::EC2::RouteTable' | |
| Properties: | |
| VpcId: !Ref VPC | |
| RouteTableBPrivate: | |
| Type: 'AWS::EC2::RouteTable' | |
| Properties: | |
| VpcId: !Ref VPC | |
| RouteTableAssociationAPublic: | |
| Type: 'AWS::EC2::SubnetRouteTableAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetAPublic | |
| RouteTableId: !Ref RouteTableAPublic | |
| RouteTableAssociationAPrivate: | |
| Type: 'AWS::EC2::SubnetRouteTableAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetAPrivate | |
| RouteTableId: !Ref RouteTableAPrivate | |
| RouteTableAssociationBPrivate: | |
| Type: 'AWS::EC2::SubnetRouteTableAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetBPrivate | |
| RouteTableId: !Ref RouteTableBPrivate | |
| EIP: | |
| Type: 'AWS::EC2::EIP' | |
| Properties: | |
| Domain: vpc | |
| NatGateway: | |
| Type: 'AWS::EC2::NatGateway' | |
| Properties: | |
| AllocationId: !GetAtt 'EIP.AllocationId' | |
| SubnetId: !Ref SubnetAPublic | |
| RouteTableAPrivateInternetRoute: | |
| Type: AWS::EC2::Route | |
| Properties: | |
| RouteTableId: !Ref RouteTableAPrivate | |
| DestinationCidrBlock: '0.0.0.0/0' | |
| NatGatewayId: !Ref NatGateway | |
| RouteTableBPrivateInternetRoute: | |
| Type: AWS::EC2::Route | |
| Properties: | |
| RouteTableId: !Ref RouteTableBPrivate | |
| DestinationCidrBlock: '0.0.0.0/0' | |
| NatGatewayId: !Ref NatGateway | |
| RouteTableAPublicInternetRoute2: | |
| Type: AWS::EC2::Route | |
| Properties: | |
| RouteTableId: !Ref RouteTableAPublic | |
| DestinationCidrBlock: '0.0.0.0/0' | |
| GatewayId: !Ref InternetGateway | |
| ServerlessSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: SecurityGroup for Serverless Functions | |
| VpcId: !Ref VPC | |
| ServerlessSecurityGroupIngress: | |
| Type: AWS::EC2::SecurityGroupIngress | |
| Properties: | |
| GroupId: !Ref ServerlessSecurityGroup | |
| IpProtocol: -1 | |
| SourceSecurityGroupId: !Ref ServerlessSecurityGroup | |
| Outputs: | |
| SubnetAPrivate: | |
| Description: 'Subnet A Private' | |
| Value: !Ref SubnetAPrivate | |
| SubnetBPrivate: | |
| Description: 'Subnet B Private' | |
| Value: !Ref SubnetBPrivate | |
| ServerlessSecurityGroup: | |
| Description: 'Serverless Security Group' | |
| Value: !Ref ServerlessSecurityGroup |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment