[Forwarder] Private link support (VPC configuration support through CF template)
The above documentation is a little misleading since the default CloudFormation template doesn’t seem to support enabling VPC/subnets/security group. It also can’t be added by brute force unless you attach the missing AWSLambdaVPCAccessExecutionRole to the role.
I could be missing something, but it’s not entirely obvious. Are you guys planning on adding these config parameters at some point? I can send a PR, but this will introduce some pretty obnoxious branching/parameter collecting that you guys are going to be able to pump out a lot faster/cleaner.
AWS::Serverless::Function would need a branching for
Also the execution role will need aws managed
I got it working, but I’m just drifting the stack and brute forcing my way there; it’s just not a long-term solution.
- Created 4 years ago
- Comments:7 (6 by maintainers)
Top GitHub Comments
This is exciting! I’m beginning on the exact same path as @rromanchuk over the past week; when I realized there was no VPC, so it couldn’t use my PrivateLink, is when I searched and found this. I think I’ll be manually modifying my lambdas in the meantime, but I’m definitely interested in seeing this update.
It’s probably much more important for the forwarder, as logs can end up being quite a few GB in some cases, but I’m also looking at it for the RDS enhanced metrics lambda even though it’s just API/metrics, small traffic. Since all the agents and everything else would be using private link, it seems funny to just have the one going over the internet gateway.