+++
date = "2017-02-08"
title = "Configuring VPC and RDS via Cloudformation for AWS Lambda"
categories = ["English", "Tech"]
tags = ["aws", "rds", "lambda", "cloudformation", "sqlalchemy", "vpc"]
draft = false
+++


[I have outlined the overall "project"]({{< relref "" >}}) and here are my notes on the RDS + VPC challenge:

Setting up RDS (and VPC) via CloudFormation

The Serverless Framework has fields to include verbatim CloudFormation template data, but the database stack here is created as its own stack before the Serverless deployment:

    aws cloudformation update-stack \
        --stack-name something-database \
        --template-body ....  \
        --parameters ...  # [1][2]
    aws cloudformation describe-stacks \
        --stack-name something-database > db.out.json # [3]
    serverless deploy --stage mystage

[1]: I ended up doing it via boto3 and Python
[2]: I based my template on something I found online and augmented it with Outputs for my needs
[3]: I also ended up doing that via boto3 and Python

Doing it this way meant that I could write

    - {"Fn::ImportValue": "db-${self:custom.stage}-SecurityGroupID"}
    - {"Fn::ImportValue": "db-${self:custom.stage}-SubnetA"}
    - {"Fn::ImportValue": "db-${self:custom.stage}-SubnetB"}
    - {"Fn::ImportValue": "db-${self:custom.stage}-SubnetC"}

in my serverless.yml and do something like the json.load in With current versions of serverless and AWS Lambda it should also be possible to add the values to the environment via a yaml load
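As an added example (not code from the post or its gist), the Python below shows the mechanism the two steps above rely on: the exported Outputs of the database stack, as returned by `describe-stacks`, are matched against the `Fn::ImportValue` names in the serverless.yml `vpc` block after `${self:custom.stage}` is expanded. The describe-stacks JSON and all resource IDs are constructed placeholders, and the `db-<stage>-<Name>` export naming is assumed from the snippet in the post.

```python
import json

# Constructed sample of `aws cloudformation describe-stacks` output (the post's
# db.out.json); the IDs are made-up placeholders, not real resources.
DESCRIBE_STACKS = json.dumps({"Stacks": [{"StackName": "something-database", "Outputs": [
    {"OutputKey": "SecurityGroupID", "OutputValue": "sg-0example", "ExportName": "db-mystage-SecurityGroupID"},
    {"OutputKey": "SubnetA", "OutputValue": "subnet-0aaaa", "ExportName": "db-mystage-SubnetA"},
    {"OutputKey": "SubnetB", "OutputValue": "subnet-0bbbb", "ExportName": "db-mystage-SubnetB"},
    {"OutputKey": "SubnetC", "OutputValue": "subnet-0cccc", "ExportName": "db-mystage-SubnetC"},
]}]})

# The vpc block from the post's serverless.yml, as the framework would parse it.
SERVERLESS_VPC = {
    "securityGroupIds": [{"Fn::ImportValue": "db-${self:custom.stage}-SecurityGroupID"}],
    "subnetIds": [{"Fn::ImportValue": "db-${self:custom.stage}-Subnet%s" % s} for s in "ABC"],
}


def exports_from_describe_stacks(text):
    """Map ExportName -> OutputValue for every exported Output in describe-stacks JSON."""
    exports = {}
    for stack in json.loads(text)["Stacks"]:
        for out in stack.get("Outputs", []):
            if "ExportName" in out:  # only exported Outputs can be Fn::ImportValue'd
                exports[out["ExportName"]] = out["OutputValue"]
    return exports


def resolve_import_values(node, stage, exports):
    """Walk a serverless.yml fragment, expand ${self:custom.stage} and replace each
    {"Fn::ImportValue": name} with the exported value. A name the database stack
    does not export raises KeyError, which is where CloudFormation would otherwise
    fail the Lambda stack at deploy time (e.g. deploying a stage the DB stack lacks)."""
    if isinstance(node, dict):
        if list(node) == ["Fn::ImportValue"]:
            name = node["Fn::ImportValue"].replace("${self:custom.stage}", stage)
            if name not in exports:
                raise KeyError("no export named %r in the database stack" % name)
            return exports[name]
        return {k: resolve_import_values(v, stage, exports) for k, v in node.items()}
    if isinstance(node, list):
        return [resolve_import_values(v, stage, exports) for v in node]
    return node


if __name__ == "__main__":
    exports = exports_from_describe_stacks(DESCRIBE_STACKS)
    print(json.dumps(resolve_import_values(SERVERLESS_VPC, "mystage", exports), indent=2))
```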

VPC considerations

With regard to VPC, it's worth noticing that once you add your Lambdas to a custom VPC, internet access and S3 access are no longer implicitly available. Specifically, I met some gotchas around S3 VPC Endpoint configuration, Security Groups and VPC settings, and network-level access from the Lambda to the RDS instance. The main result is this:

{{< gist svrist 6d15e48af94515f10ef828aad5e14aa1 >}}