Identify Infrastructure Composer resources and related information in a VPC - AWS Infrastructure Composer

Identify Infrastructure Composer resources and related information in a VPC

To integrate Infrastructure Composer with Amazon VPC, you must first identify resources in a VPC and the information needed to complete an integration. This also includes configuration information related to security groups, subnet identifiers, parameter types, SSM types, static value types.

Infrastructure Composer visualizes resources in a VPC using a VPC tag. This tag is applied to cards on the canvas. The following is an example of a Lambda function with a VPC tag:

A VPC tag visualizing a Lambda function in Infrastructure Composer that is configured with a VPC.

VPC tags are applied to cards on the canvas when you do the following:

  • Configure a Lambda function with a VPC in Infrastructure Composer.

  • Import a template that contains resources configured with a VPC.

Security group and subnet identifiers

A Lambda function can be configured with multiple security groups and subnets. To configure a security group or subnet for a Lambda function, provide a value and type.

  • Value – An identifier for the security group or subnet. Accepted values will vary based on the type.

  • Type – The following types of values are allowed:

    • Parameter name

    • AWS Systems Manager (SSM) Parameter Store

    • Static value

Parameter type

The Parameters section of an AWS CloudFormation template can be used to store resource information across multiple templates. For more information on parameters, see Parameters in the AWS CloudFormation User Guide.

For the Parameter type, you can provide a parameter name. In the following example, we provide a PrivateSubnet1 parameter name value:

A PrivateSubnet1 value being provided for the Parameter type of a subnet ID field.

When you provide a parameter name, Infrastructure Composer defines it in the Parameters section of your template. Then, Infrastructure Composer references the parameter in your Lambda function resource. The following is an example:

... Resources: Function: Type: AWS::Serverless::Function Properties: ... VpcConfig: SubnetIds: - !Ref PrivateSubnet1 Parameters: PrivateSubnet1: Type: AWS::EC2::Subnet::Id Description: Parameter is generated by Infrastructure Composer

SSM type

The SSM Parameter Store provides a secure, hierarchical storage for configuration data management and secrets management. For more information, see AWS Systems Manager Parameter Store in the AWS Systems Manager User Guide.

For the SSM type, you can provide the following values:

  • Dynamic reference to a value from the SSM Parameter Store.

  • Logical ID of an AWS::SSM::Parameter resource defined in your template.

Dynamic reference

You can reference a value from the SSM Parameter Store using a dynamic reference in the following format: {{resolve:ssm:reference-key}}. For more information, see SSM parameters in the AWS CloudFormation User Guide.

Infrastructure Composer creates the infrastructure code to configure your Lambda function with the value from the SSM Parameter Store. The following is an example:

... Resources: Function: Type: AWS::Serverless::Function Properties: ... VpcConfig: SecurityGroupIds: - '{{resolve:ssm:demo-app/sg-0b61d5c742dc2c773}}' ...

Logical ID

You can reference an AWS::SSM::Parameter resource in the same template by logical ID.

The following is an example of an AWS::SSM::Parameter resource named PrivateSubnet1Parameter that stores the subnet ID for PrivateSubnet1:

... Resources: PrivateSubnet1Parameter: Type: AWS::SSM::Parameter Properties: Name: /MyApp/VPC/SubnetIds Description: Subnet ID for PrivateSubnet1 Type: String Value: subnet-04df123445678a036

The following is an example of this resource value being provided by logical ID for the Lambda function:

A PrivateSubnet1Parameter value being provided for the SSM type of a subnet ID field.

Infrastructure Composer creates the infrastructure code to configure your Lambda function with the SSM parameter:

... Resources: Function: Type: AWS::Serverless::Function Properties: ... VpcConfig: SubnetIds: - !Ref PrivateSubnet1Parameter ... PrivateSubnet1Parameter: Type: AWS::SSM::Parameter Properties: ...

Static value type

When a security group or subnet is deployed to AWS CloudFormation, an ID value is created. You can provide this ID as a static value.

For the static value type, the following are valid values:

  • For security groups, provide the GroupId. For more information, see Return values in the AWS CloudFormation User Guide. The following is an example: sg-0b61d5c742dc2c773.

  • For subnets, provide the SubnetId. For more information, see Return values in the AWS CloudFormation User Guide. The following is an example: subnet-01234567890abcdef.

Infrastructure Composer creates the infrastructure code to configure your Lambda function with the static value. The following is an example:

... Resources: Function: Type: AWS::Serverless::Function Properties: ... VpcConfig: SecurityGroupIds: - subnet-01234567890abcdef SubnetIds: - sg-0b61d5c742dc2c773 ...

Using multiple types

For security groups and subnets, you can use multiple types together. The following is an example that configures three security groups for a Lambda function by providing values of different types:

Three different value types being used to provide identifiers for the security group ID field of a Lambda function.

Infrastructure Composer references all three values under the SecurityGroupIds property:

... Resources: Function: Type: AWS::Serverless::Function Properties: ... VpcConfig: SecurityGroupIds: - !Ref MySecurityGroup - sg-0b61d5c742dc2c773 - '{{resolve::ssm::demo/sg-0b61d5c742dc23}}' ... Parameters: MySecurityGroup: Type: AWS::EC2::SecurityGroup::Id Description: Parameter is generated by Infrastructure Composer