feat(custom-resource): support security group
hemige committed Nov 19, 2024
1 parent b8f47c8 commit 67ad9fe
Showing 2 changed files with 41 additions and 0 deletions.
Expand Up @@ -417,6 +417,13 @@ export interface AwsCustomResourceProps {
* @default - the Vpc default strategy if not specified
*/
readonly vpcSubnets?: ec2.SubnetSelection;

/**
* A list of IDs of security groups that the lambda function should use
*
* @default - a new security group will be created in the specified VPC
*/
readonly securityGroups?: ec2.ISecurityGroup[];
}

/**
Expand Down Expand Up @@ -500,6 +507,7 @@ export class AwsCustomResource extends Construct implements iam.IGrantable {
functionName: props.functionName,
vpc: props.vpc,
vpcSubnets: props.vpcSubnets,
securityGroups: props.securityGroups,
});
this.grantPrincipal = provider.grantPrincipal;
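Review bot: The doc comment on `securityGroups` says "A list of IDs of security groups", but the property is typed `ec2.ISecurityGroup[]`, so callers pass security group constructs rather than ID strings; I would write `* Security groups to attach to the Lambda function backing this custom resource. Only valid when a VPC is configured.` No guard for `securityGroups` without `vpc` is visible in this section, whereas the test file shows an explicit error for `vpcSubnets` without a VPC; the constructor starts and ends outside the hunk, so the check may live further down or in the function construct, but it should be confirmed. If the provider function is shared by several custom resources in one stack (its construction is outside the hunk), the comment should also say that only one set of security groups takes effect, because a caller who passes a restrictive group would otherwise assume it applies to their resource.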

Expand Up @@ -1317,6 +1317,39 @@ test('vpcSubnets without vpc results in an error', () => {
})).toThrow('Cannot configure \'vpcSubnets\' without configuring a VPC');
});

test('can specify subnets', () => {
// GIVEN
const stack = new cdk.Stack();
const vpc = new ec2.Vpc(stack, 'TestVpc');
const securityGroups = [
new ec2.SecurityGroup(stack, 'Sg1', {
vpc: vpc,
allowAllOutbound: false,
description: 'my security group',
}),
];

// WHEN
new AwsCustomResource(stack, 'AwsSdk', {
onCreate: {
service: 'service',
action: 'action',
physicalResourceId: PhysicalResourceId.of('id'),
},
policy: AwsCustomResourcePolicy.fromSdkCalls({ resources: AwsCustomResourcePolicy.ANY_RESOURCE }),
vpc,
vpcSubnets: { subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS },
securityGroups,
});

// THEN
Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', {
VpcConfig: {
SecurityGroupIds: stack.resolve(securityGroups.map(sg => sg.securityGroupId)),
},
});
});

test.each([
[undefined, true],
[true, true],
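Review bot: The new test is titled `'can specify subnets'` although the only thing it asserts is `VpcConfig.SecurityGroupIds`; rename it to `test('can specify security groups', () => {` so a failure report names the feature that broke. There is also no negative case for the new prop: a test that passes `securityGroups` without `vpc` and asserts the outcome would pin that behaviour the same way the neighbouring `vpcSubnets without vpc results in an error` test does. The `test.each` at the end of the section is context and continues outside the hunk.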
