AWS::Lambda::Function VpcConfig - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::Lambda::Function VpcConfig

The VPC security groups and subnets that are attached to a Lambda function. When you connect a function to a VPC, Lambda creates an elastic network interface for each combination of security group and subnet in the function's VPC configuration. The function can only access resources and the internet through that VPC. For more information, see VPC Settings.

Note

When you delete a function, Amazon CloudFormation monitors the state of its network interfaces and waits for Lambda to delete them before proceeding. If the VPC is defined in the same stack, the network interfaces need to be deleted by Lambda before Amazon CloudFormation can delete the VPC's resources.

To monitor network interfaces, Amazon CloudFormation needs the ec2:DescribeNetworkInterfaces permission. It obtains this from the user or role that modifies the stack. If you don't provide this permission, Amazon CloudFormation does not wait for network interfaces to be deleted.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{ "Ipv6AllowedForDualStack" : Boolean, "SecurityGroupIds" : [ String, ... ], "SubnetIds" : [ String, ... ] }

YAML

Ipv6AllowedForDualStack: Boolean SecurityGroupIds: - String SubnetIds: - String

Properties

Ipv6AllowedForDualStack

Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

Required: No

Type: Boolean

Update requires: No interruption

SecurityGroupIds

A list of VPC security group IDs.

Required: No

Type: Array of String

Maximum: 5

Update requires: No interruption

SubnetIds

A list of VPC subnet IDs.

Required: No

Type: Array of String

Maximum: 16

Update requires: No interruption

Examples

VPC Configuration

Connect a function to a VPC.

YAML

VpcConfig: SecurityGroupIds: - sg-085912345678492fb SubnetIds: - subnet-071f712345678e7c8 - subnet-07fd123456788a036