terraform-plantuml
Lambda appears in all possible subnets instead of only its own
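I get the following generated diagram, in which the `data_exporter` Lambda is drawn in all seven subnets: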
@startuml
' Preamble: loads the AWS icon library and defines custom S3 and IAM group macros.
' NOTE(review): AWSPuml points at raw.githubusercontent.com, so every !include below is
' fetched over the network when the diagram is rendered. v14.0 is a tag reference;
' vendoring the .puml files or pinning to a commit hash keeps rendering reproducible
' and independent of later upstream changes.
!define AWSPuml https://raw.githubusercontent.com/awslabs/aws-icons-for-plantuml/v14.0/dist
!include AWSPuml/AWSCommon.puml
!include AWSPuml/Groups/all.puml
!include AWSPuml/Containers/all.puml
!include AWSPuml/Database/all.puml
!include AWSPuml/Compute/all.puml
!include AWSPuml/General/all.puml
!include AWSPuml/SecurityIdentityCompliance/all.puml
!include AWSPuml/Storage/all.puml
!include AWSPuml/NetworkingContentDelivery/all.puml
' define custom group for Amazon S3 bucket
AWSGroupColoring(S3BucketGroup, #FFFFFF, AWS_COLOR_GREEN, plain)
!define S3BucketGroup(g_alias, g_label="S3 Buckets") AWSGroupEntity(g_alias, g_label, AWS_COLOR_GREEN, SimpleStorageService, S3BucketGroup)
' define custom group for IAM
AWSGroupColoring(IAMGroup, #FFFFFF, AWS_COLOR_RED, plain)
!define IAMGroup(g_alias, g_label="Identity Access Management (IAM)") AWSGroupEntity(g_alias, g_label, AWS_COLOR_RED, IdentityandAccessManagement, IAMGroup)
' Groups are rectangles with a custom style using stereotype - need to hide
hide stereotype
' Orthogonal connectors; plain rectangles get a transparent background and border.
skinparam linetype ortho
skinparam rectangle {
BackgroundColor transparent
BorderColor transparent
}
' Diagram body as emitted by the tool (the reported, incorrect output).
' The element with alias data_exporter is declared inside all seven subnet groups below,
' while the expected output places it only in subnet_0bd563a3f51d19d05 ("Lambda Subnet zone 1").
' NOTE(review): a diagram like this overstates the function's network placement (it is even
' drawn next to the NAT gateway), so it should not be relied on when reviewing network exposure.
' NOTE(review): the labels embed resource IDs and the NAT gateway's private and public
' addresses taken from state; redact them before sharing a generated diagram.
' NOTE(review): both subnets named "Public subnet" are emitted as PrivateSubnetGroup with a
' "Pvt Subnet" label - possibly a separate classification issue; confirm.
AWSCloudGroup("aws", "AWS") {
S3BucketGroup("s3", "S3") {
rectangle "$SimpleStorageServiceBucketIMG()\nmy-bucket" as s3_0
}
RegionGroup("eu_west_2", "Region eu-west-2") {
VPCGroup("vpc_0009be1c376538d6a", "VPC Main VPC") {
rectangle "$VPCInternetGatewayIMG()\nInternet Gateway\nInternet Gateway" as igw_0dc67a37c3a5b229d
AvailabilityZoneGroup("vpc_0009be1c376538d6a_eu_west_2a", "AZ eu-west-2a") {
PrivateSubnetGroup("subnet_06bd6f307e56b7e29", "Pvt Subnet\nGlue Subnet zone 1\n10.20.31.0/24") {
' unexpected: data_exporter is not configured for this subnet
rectangle "$LambdaLambdaFunctionIMG()\nLambda data_exporter\npython3.9" as data_exporter
}
PrivateSubnetGroup("subnet_0bd563a3f51d19d05", "Pvt Subnet\nLambda Subnet zone 1\n10.20.21.0/24") {
' expected placement: the only subnet where the function should be drawn
rectangle "$LambdaLambdaFunctionIMG()\nLambda data_exporter\npython3.9" as data_exporter
}
PrivateSubnetGroup("subnet_0e45d8608d385cdf1", "Pvt Subnet\nPrivate Subnet Application 1, zone 1\n10.20.11.0/24") {
rectangle "$EC2T2InstanceIMG()\nFirst application ec2 zone 1\nt2.micro\n10.20.11.95" as i_01b5a0b8080caf5c4
' unexpected duplicate
rectangle "$LambdaLambdaFunctionIMG()\nLambda data_exporter\npython3.9" as data_exporter
}
PrivateSubnetGroup("subnet_04481ddc904eafec9", "Pvt Subnet\nPublic subnet\n10.20.1.0/24") {
rectangle "$VPCNATGatewayIMG()\nNAT Gateway\nNAT Gateway\n10.20.1.227\n18.135.89.194" as nat_01730e1fe51a5824d
' unexpected duplicate
rectangle "$LambdaLambdaFunctionIMG()\nLambda data_exporter\npython3.9" as data_exporter
}
}
AvailabilityZoneGroup("vpc_0009be1c376538d6a_eu_west_2b", "AZ eu-west-2b") {
' every subnet in this AZ also receives an unexpected copy of data_exporter
PrivateSubnetGroup("subnet_0eec7d1ef5ffb7710", "Pvt Subnet\nGlue Subnet zone 2\n10.20.32.0/24") {
rectangle "$LambdaLambdaFunctionIMG()\nLambda data_exporter\npython3.9" as data_exporter
}
PrivateSubnetGroup("subnet_075cb18cf1a5c6bba", "Pvt Subnet\nPrivate Subnet Application 1, zone 2\n10.20.12.0/24") {
rectangle "$LambdaLambdaFunctionIMG()\nLambda data_exporter\npython3.9" as data_exporter
}
PrivateSubnetGroup("subnet_03b0040d77b86090a", "Pvt Subnet\nPublic subnet\n10.20.2.0/24") {
rectangle "$LambdaLambdaFunctionIMG()\nLambda data_exporter\npython3.9" as data_exporter
}
}
}
}
}
@enduml
instead of the expected diagram, in which it appears only in its own subnet:
@startuml
' Preamble of the expected diagram: AWS icon library includes plus custom S3 and IAM group macros.
' NOTE(review): the includes resolve against a remote URL at render time (tag reference v14.0);
' a local or commit-pinned copy avoids depending on network access and on upstream content.
!define AWSPuml https://raw.githubusercontent.com/awslabs/aws-icons-for-plantuml/v14.0/dist
!include AWSPuml/AWSCommon.puml
!include AWSPuml/Groups/all.puml
!include AWSPuml/Containers/all.puml
!include AWSPuml/Database/all.puml
!include AWSPuml/Compute/all.puml
!include AWSPuml/General/all.puml
!include AWSPuml/SecurityIdentityCompliance/all.puml
!include AWSPuml/Storage/all.puml
!include AWSPuml/NetworkingContentDelivery/all.puml
' define custom group for Amazon S3 bucket
AWSGroupColoring(S3BucketGroup, #FFFFFF, AWS_COLOR_GREEN, plain)
!define S3BucketGroup(g_alias, g_label="S3 Buckets") AWSGroupEntity(g_alias, g_label, AWS_COLOR_GREEN, SimpleStorageService, S3BucketGroup)
' define custom group for IAM
AWSGroupColoring(IAMGroup, #FFFFFF, AWS_COLOR_RED, plain)
!define IAMGroup(g_alias, g_label="Identity Access Management (IAM)") AWSGroupEntity(g_alias, g_label, AWS_COLOR_RED, IdentityandAccessManagement, IAMGroup)
' Groups are rectangles with a custom style using stereotype - need to hide
hide stereotype
' Connector routing and rectangle styling (transparent background and border).
skinparam linetype ortho
skinparam rectangle {
BackgroundColor transparent
BorderColor transparent
}
' Expected diagram body: data_exporter is declared exactly once, inside
' subnet_0bd563a3f51d19d05 ("Lambda Subnet zone 1"). The other subnet groups contain
' only their own resources (EC2 instance, NAT gateway) or are empty.
' NOTE(review): resource IDs and the NAT gateway's addresses appear in the labels;
' redact them before sharing a generated diagram.
AWSCloudGroup("aws", "AWS") {
S3BucketGroup("s3", "S3") {
rectangle "$SimpleStorageServiceBucketIMG()\nmy-bucket" as s3_0
}
RegionGroup("eu_west_2", "Region eu-west-2") {
VPCGroup("vpc_0009be1c376538d6a", "VPC Main VPC") {
rectangle "$VPCInternetGatewayIMG()\nInternet Gateway\nInternet Gateway" as igw_0dc67a37c3a5b229d
AvailabilityZoneGroup("vpc_0009be1c376538d6a_eu_west_2a", "AZ eu-west-2a") {
PrivateSubnetGroup("subnet_06bd6f307e56b7e29", "Pvt Subnet\nGlue Subnet zone 1\n10.20.31.0/24") {
}
PrivateSubnetGroup("subnet_0bd563a3f51d19d05", "Pvt Subnet\nLambda Subnet zone 1\n10.20.21.0/24") {
' the single expected occurrence of the Lambda function
rectangle "$LambdaLambdaFunctionIMG()\nLambda data_exporter\npython3.9" as data_exporter
}
PrivateSubnetGroup("subnet_0e45d8608d385cdf1", "Pvt Subnet\nPrivate Subnet Application 1, zone 1\n10.20.11.0/24") {
rectangle "$EC2T2InstanceIMG()\nFirst application ec2 zone 1\nt2.micro\n10.20.11.95" as i_01b5a0b8080caf5c4
}
PrivateSubnetGroup("subnet_04481ddc904eafec9", "Pvt Subnet\nPublic subnet\n10.20.1.0/24") {
rectangle "$VPCNATGatewayIMG()\nNAT Gateway\nNAT Gateway\n10.20.1.227\n18.135.89.194" as nat_01730e1fe51a5824d
}
}
AvailabilityZoneGroup("vpc_0009be1c376538d6a_eu_west_2b", "AZ eu-west-2b") {
' no Lambda is expected in any subnet of this AZ
PrivateSubnetGroup("subnet_0eec7d1ef5ffb7710", "Pvt Subnet\nGlue Subnet zone 2\n10.20.32.0/24") {
}
PrivateSubnetGroup("subnet_075cb18cf1a5c6bba", "Pvt Subnet\nPrivate Subnet Application 1, zone 2\n10.20.12.0/24") {
}
PrivateSubnetGroup("subnet_03b0040d77b86090a", "Pvt Subnet\nPublic subnet\n10.20.2.0/24") {
}
}
}
}
}
@enduml
My lambda is defined like this:
# Lambda function from the report. Its vpc_config is what the diagram should reflect.
resource "aws_lambda_function" "data_exporter" {
  function_name = "data_exporter"
  role          = aws_iam_role.lambda_role.arn
  runtime       = var.python_version
  handler       = "${var.lf_exporter_name}.lambda_handler"
  layers        = [var.arn_lambda_layer]

  # Deployment package: the zip produced by the archive_file data source,
  # with the hash computed over that same output path.
  filename         = data.archive_file.lambda_zip.output_path
  source_code_hash = filebase64sha256(data.archive_file.lambda_zip.output_path)

  # Exactly one subnet and one security group are listed, so the function
  # is attached to aws_subnet.lambda_zone_1 only.
  vpc_config {
    security_group_ids = [aws_security_group.lambda_sg.id]
    subnet_ids         = [aws_subnet.lambda_zone_1.id]
  }

  # Shared tags plus a per-function Name tag.
  tags = merge(var.tags, { Name = "Lambda ${var.lf_exporter_name} function" })
}
In terraform.tfstate, the Lambda function's `vpc_config` lists a single subnet ID (IDs replaced with XXX):
"vpc_config": [
{
"security_group_ids": [
"sg-XXX"
],
"subnet_ids": [
"subnet-XXX"
],
"vpc_id": "vpc-XXX"
}
]