AWS::Lambda::Function VpcConfig
The VPC security groups and subnets that are attached to a Lambda function. When you connect a function to a VPC, Lambda creates an elastic network interface for each combination of security group and subnet in the function's VPC configuration. The function can only access resources and the internet through that VPC. For more information, see VPC Settings.
Note
When you delete a function, AWS CloudFormation monitors the state of its network interfaces and waits for Lambda to delete them before proceeding. If the VPC is defined in the same stack, the network interfaces need to be deleted by Lambda before AWS CloudFormation can delete the VPC's resources.
To monitor network interfaces, AWS CloudFormation needs the ec2:DescribeNetworkInterfaces
permission. It obtains this from the user or role that modifies the stack. If you don't provide this permission,
AWS CloudFormation does not wait for network interfaces to be deleted.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Ipv6AllowedForDualStack" :Boolean, "SecurityGroupIds" :[ String, ... ], "SubnetIds" :[ String, ... ]}
YAML
Ipv6AllowedForDualStack:BooleanSecurityGroupIds:- StringSubnetIds:- String
Properties
Ipv6AllowedForDualStack-
Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.
Required: No
Type: Boolean
Update requires: No interruption
SecurityGroupIds-
A list of VPC security group IDs.
Required: No
Type: Array of String
Maximum:
5Update requires: No interruption
SubnetIds-
A list of VPC subnet IDs.
Required: No
Type: Array of String
Maximum:
16Update requires: No interruption
Examples
VPC Configuration
Connect a function to a VPC.
YAML
VpcConfig: SecurityGroupIds: - sg-085912345678492fb SubnetIds: - subnet-071f712345678e7c8 - subnet-07fd123456788a036
