This tutorial explains how to configure an AWS Lambda function to connect to private subnets in a VPC using a CloudFormation template.
Below are the steps to create a Lambda function and configure it to connect to a VPC using a CloudFormation template.
Step 1: Create a directory named cft-tutorials and open it in VS Code.
Step 2: Create a file sample_cft.yaml inside cft-tutorials.
Step 3: Copy the YAML template below into sample_cft.yaml. The CloudFormation template first creates an IAM Role with two managed policies and then attaches the IAM Role to the Lambda function. In the template, replace SecurityGroupIds and SubnetIds with proper values.
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: lambda-execution-role
      Description: "IAM role for VPCLambdaFunction."
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
  VPCLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Role: !GetAtt LambdaExecutionRole.Arn
      # Inline ZipFile code is saved as index.py, so the handler must be
      # index.<function name>; it has to match the function defined below.
      Handler: index.lambda_handler
      Code:
        ZipFile: |
          import json
          def lambda_handler(event, context):
            print("hello world")
      Description: Lambda function configured to connect to VPC.
      Runtime: python3.9
      Timeout: 15
      VpcConfig:
        SecurityGroupIds:
          - sg-085912345678492fb # Replace with your security group id
        SubnetIds:
          - subnet-071f712345678e7c8 # Replace with your subnet id
          - subnet-07fd123456788a036 # Replace with your subnet id
      MemorySize: 128
```
Step 4: Open the AWS CloudFormation console directly with the URL https://console.aws.amazon.com/cloudformation/.
Step 5: Navigate to Stacks, click on Create stack and click on With new resources (standard).
Step 6: Select Template is ready. Select Upload a template file. Click on Choose file to select sample_cft.yaml from the cft-tutorials directory and click on Next.
Step 7: Enter a Stack name and click on Next.
Step 8: On the "Configure stack options" page, click on Next.
Step 9: Scroll down, check the confirmation for creating IAM roles, and click on Create stack.
Step 10: Check the Stack Events section; on completion you should see CREATE_COMPLETE for the stack.
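The template in Step 3 hard-codes the security group and subnet IDs. As an added example (not part of the original tutorial), the same template can take them as typed parameters, so CloudFormation rejects IDs that do not exist in the target account and Region; the parameter names LambdaSecurityGroupIds and LambdaSubnetIds are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - VPC-attached Lambda with network IDs as typed parameters.
Parameters:
  LambdaSecurityGroupIds: # hypothetical parameter name
    Type: List<AWS::EC2::SecurityGroup::Id>
    Description: Security groups attached to the function's network interfaces.
  LambdaSubnetIds: # hypothetical parameter name
    Type: List<AWS::EC2::Subnet::Id>
    Description: Private subnets the function connects to.
Resources:
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: lambda-execution-role
      Description: "IAM role for VPCLambdaFunction."
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
  VPCLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Role: !GetAtt LambdaExecutionRole.Arn
      Handler: index.lambda_handler # index.py is the file name used for inline code
      Code:
        ZipFile: |
          import json
          def lambda_handler(event, context):
            print("hello world")
      Description: Lambda function configured to connect to VPC.
      Runtime: python3.9
      Timeout: 15
      VpcConfig:
        # Values are validated against existing resources at stack creation.
        SecurityGroupIds: !Ref LambdaSecurityGroupIds
        SubnetIds: !Ref LambdaSubnetIds
      MemorySize: 128
```

With this variant, the stack details page in Step 7 also asks for the two parameter values.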