aws-lambda

VPC inputs don't work

Open harleyguru opened this issue 4 years ago • 2 comments

vpcConfig:                     # (optional) lambda vpc configuration. default is null.
    securityGroupIds:            # (optional) lambda vpc security group ids.
      - xxx
      - xxx
    subnetIds:                   # (optional) lambda vpc subnet ids.
      - xxx
      - xxx

When I add this configuration, I get the following error upon deployment:

The provided execution role does not have permissions to call CreateNetworkInterface on EC2 

This component should add the required permission for Lambda. One odd thing is that the graphql component, by contrast, does the right job for this part.

harleyguru, Oct 06 '20 01:10

The issue is that I must create the IAM role for the Lambda execution role myself (I wish that, when we specify VPC configuration in this component, it would create an appropriate role itself in the background). One more issue is that roleArn in the Readme is misspelled; it should be roleName. I note this for anyone else facing this issue in the future.

harleyguru, Oct 06 '20 17:10

I've encountered this also when setting the vpcConfig. I've created the role component for it and then ended up needing additions to the role, so that has just become part of my standard project layout.

It would be nice if setting the vpcConfig took care of the policies for the cases where a custom role is not required.

At minimum it should probably have an example of how to deal with this in the documentation and show information that would help the user get to the solution.

hypexr, Dec 18 '20 22:12
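
The error in this thread means the execution role lacks the EC2 network-interface permissions a VPC-attached Lambda needs. As an added example (not code from the thread or from the component), a pre-deploy check that reports which of those actions a role's policy documents fail to grant. The function names and sample policies are constructed, the `REQUIRED` list follows the EC2 actions AWS documents for Lambda VPC access, and `Resource` and `Condition` elements are not evaluated.

```javascript
// Added example: hypothetical helper names, constructed sample policies.
// EC2 actions the execution role needs when vpcConfig is set.
const REQUIRED = [
  'ec2:CreateNetworkInterface',
  'ec2:DescribeNetworkInterfaces',
  'ec2:DeleteNetworkInterface',
];

// IAM allows Action/Statement to be a single value or an array.
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM action patterns are case-insensitive and support * and ? wildcards.
function actionMatches(pattern, action) {
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*')
    .replace(/\?/g, '.');
  return new RegExp(`^${re}$`, 'i').test(action);
}

// True when the statement applies to the action (Action or NotAction form).
function covers(stmt, action) {
  if (stmt.NotAction !== undefined) {
    return !asList(stmt.NotAction).some((p) => actionMatches(p, action));
  }
  return asList(stmt.Action).some((p) => actionMatches(p, action));
}

// Returns the required actions not granted: an explicit Deny always wins,
// otherwise at least one Allow statement must cover the action.
function missingVpcActions(policyDocs) {
  const stmts = policyDocs.flatMap((doc) => asList(doc.Statement));
  return REQUIRED.filter((action) => {
    const denied = stmts.some((s) => s.Effect === 'Deny' && covers(s, action));
    const allowed = stmts.some((s) => s.Effect === 'Allow' && covers(s, action));
    return denied || !allowed;
  });
}

// Constructed sample: a logs-only role, the situation that produces the error.
const LOGS_ONLY = { Version: '2012-10-17', Statement: [{ Effect: 'Allow',
  Action: ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'],
  Resource: '*' }] };
// Constructed sample: the additional statement that resolves it.
const VPC_ACCESS = { Version: '2012-10-17', Statement: { Effect: 'Allow',
  Action: REQUIRED, Resource: '*' } };

console.log('logs-only role is missing:', missingVpcActions([LOGS_ONLY]));
console.log('with VPC statement:', missingVpcActions([LOGS_ONLY, VPC_ACCESS]));
```

Feed it the parsed JSON of every policy attached to the role named in `roleName` before deploying with `vpcConfig`.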