JSPM

  • Downloads 4156
  • License MIT

Serverless Plugin to generate a VPC

Package Exports

  • serverless-vpc-plugin

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (serverless-vpc-plugin) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

serverless-vpc-plugin


Automatically creates a Virtual Private Cloud (VPC) using all available Availability Zones (AZ) in a region.

This plugin provisions the following resources:

  • AWS::EC2::VPC
  • AWS::EC2::InternetGateway (for outbound public internet access)
  • AWS::EC2::VPCGatewayAttachment (to attach the InternetGateway to the VPC)
  • AWS::EC2::SecurityGroup (to execute Lambda functions)

If the VPC is allocated a /16 CIDR block, each Availability Zone in the region is allocated a /20 block (enough address space for 16 AZs). Within each Availability Zone, this plugin further divides that /20 into three subnets:

  • AWS::EC2::Subnet "Application" (/21) - default route points to the InternetGateway, or to the NatGateway when one is provisioned
  • AWS::EC2::Subnet "Public" (/22) - default route points to the InternetGateway
  • AWS::EC2::Subnet "Database" (/22) - no default route in its route table, so it has no path to the Internet

The subnetting layout was heavily inspired by the now shutdown Skyliner platform. 😞

Optionally, this plugin can also create an AWS::EC2::NatGateway in each Availability Zone. Each NAT Gateway requires an AWS::EC2::EIP resource, and the default AWS quota is 5 Elastic IPs per region, so a NAT Gateway in every AZ of a large region may require a quota increase.

Any Lambda function running in the "Application" subnets will only be able to access S3 (via the S3 VPC endpoint), DynamoDB (via the DynamoDB VPC endpoint), RDS, ElastiCache, RedShift, a DAX cluster, or a Neptune cluster (all of which are provisioned within the "Database" subnets). Lambda ENIs are never assigned a public IP address, so the InternetGateway default route of the "Application" subnet does not give a function any Internet path. If your Lambda functions need to access any other AWS service or the Internet, then you MUST provision NatGateway resources.
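To make the layout above concrete, the following is an added example (not code from serverless-vpc-plugin) that derives the per-AZ /20 block and its Application/Public/Database subnets from a VPC CIDR and a list of zones, records where each subnet's default route points, and answers the question the previous paragraph raises: whether a function in the Application subnets has an Internet path. It applies the README's /16 → /20 → /21 + /22 + /22 split as a general rule (AZ block at prefix+4, Application at prefix+5, Public and Database at prefix+6) so that other VPC sizes can be planned too; that generalisation, the function names, and the sample CIDR and zone list are this example's own assumptions.

```javascript
// Added example, not part of serverless-vpc-plugin. Pure IPv4 integer
// arithmetic, no dependencies; run with: node plan-vpc.js

function ipToInt(ip) {
  const parts = ip.split('.').map(Number);
  if (parts.length !== 4 || parts.some((p) => !Number.isInteger(p) || p < 0 || p > 255)) {
    throw new Error(`invalid IPv4 address: ${ip}`);
  }
  return ((parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]) >>> 0;
}

function intToIp(n) {
  return [n >>> 24, (n >>> 16) & 255, (n >>> 8) & 255, n & 255].join('.');
}

// Number of addresses covered by a prefix length.
function blockSize(prefix) {
  return 2 ** (32 - prefix);
}

// Parse "10.0.0.0/16". Host bits must be zero: a base such as 10.0.1.0/16
// would silently shift every derived subnet. Prefixes longer than /22 are
// rejected because the Database subnet (prefix + 6) would be smaller than
// the /28 minimum AWS allows for a subnet.
function parseCidr(cidr) {
  const [ip, prefixStr] = cidr.split('/');
  const prefix = Number(prefixStr);
  if (!Number.isInteger(prefix) || prefix < 16 || prefix > 22) {
    throw new Error(`unsupported VPC prefix length: ${cidr}`);
  }
  const base = ipToInt(ip);
  const mask = (0xffffffff << (32 - prefix)) >>> 0;
  if ((base & mask) >>> 0 !== base) {
    throw new Error(`CIDR ${cidr} has host bits set`);
  }
  return { base, prefix };
}

// Build the per-AZ layout described in the README (generalised to any
// VPC prefix between /16 and /22, which is this example's assumption).
function planVpc(cidrBlock, zones, useNatGateway = false) {
  const { base, prefix } = parseCidr(cidrBlock);
  const azPrefix = prefix + 4;     // 16 AZ slots per VPC
  const appPrefix = prefix + 5;    // Application takes the first half of the AZ block
  const smallPrefix = prefix + 6;  // Public and Database each take a quarter
  if (zones.length > 16) {
    throw new Error(`at most 16 zones fit in ${cidrBlock}, got ${zones.length}`);
  }
  return zones.map((zone, i) => {
    const azBase = base + i * blockSize(azPrefix);
    const publicBase = azBase + blockSize(appPrefix);
    const dbBase = publicBase + blockSize(smallPrefix);
    return {
      zone,
      cidr: `${intToIp(azBase)}/${azPrefix}`,
      subnets: {
        // Application: IGW by default, NAT when useNatGateway is set.
        Application: {
          cidr: `${intToIp(azBase)}/${appPrefix}`,
          defaultRoute: useNatGateway ? 'NatGateway' : 'InternetGateway',
        },
        Public: { cidr: `${intToIp(publicBase)}/${smallPrefix}`, defaultRoute: 'InternetGateway' },
        // Database: no default route at all, so no Internet path in either direction.
        Database: { cidr: `${intToIp(dbBase)}/${smallPrefix}`, defaultRoute: null },
      },
    };
  });
}

// A Lambda ENI never gets a public IP, so an InternetGateway default route
// gives it no Internet path; only a NatGateway in every AZ does.
function lambdaHasInternetEgress(plan) {
  return plan.length > 0 && plan.every((az) => az.subnets.Application.defaultRoute === 'NatGateway');
}

// Constructed sample input mirroring the README's configuration example.
const samplePlan = planVpc('10.0.0.0/16', ['us-east-1a', 'us-east-1b', 'us-east-1c'], true);
for (const az of samplePlan) {
  console.log(az.zone, az.cidr, JSON.stringify(az.subnets));
}
console.log('Lambda Internet egress:', lambdaHasInternetEgress(samplePlan));
```

With the sample input the first zone gets 10.0.0.0/20, split into 10.0.0.0/21 (Application), 10.0.8.0/22 (Public) and 10.0.12.0/22 (Database); the third zone's Database subnet is 10.0.44.0/22. Running the same plan with useNatGateway set to false leaves every Application subnet routed to the InternetGateway and lambdaHasInternetEgress returns false, which is the case the paragraph above warns about.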

This plugin will also provision the following database-related resources:

  • AWS::RDS::DBSubnetGroup
  • AWS::ElastiCache::SubnetGroup
  • AWS::Redshift::ClusterSubnetGroup
  • AWS::DAX::SubnetGroup
  • AWS::Neptune::DBSubnetGroup
  • AWS::EC2::VPCEndpoint for S3
  • AWS::EC2::VPCEndpoint for DynamoDB

to make it easier to create these resources across all of the availability zones.

Installation

$ npm install --save-dev serverless-vpc-plugin

Configuration

  • All vpcConfig configuration parameters are optional
# add in your serverless.yml

plugins:
  - serverless-vpc-plugin

provider:
  vpc:
    securityGroupIds:
      - Ref: LambdaExecutionSecurityGroup
    subnetIds: # if specifying zones below, include the same number of subnets here
      - Ref: AppSubnet1
      - Ref: AppSubnet2
      - Ref: AppSubnet3
      #- Ref: AppSubnet4
      #- Ref: AppSubnet5
      #- Ref: AppSubnet6
  iamRoleStatements:
    # ENI permissions the Lambda service needs to attach functions to the VPC subnets
    - Effect: Allow
      Action:
        - 'ec2:CreateNetworkInterface'
        - 'ec2:DescribeNetworkInterfaces'
        - 'ec2:DetachNetworkInterface'
        - 'ec2:DeleteNetworkInterface'
      Resource: '*'

custom:
  vpcConfig:
    cidrBlock: '10.0.0.0/16'
    useNatGateway: true
    zones: # optionally specify AZs (defaults to auto-discovering all available AZs)
      - us-east-1a
      - us-east-1b
      - us-east-1c