From 033683505c531ad5a43f25d740fa7787f22b63fb Mon Sep 17 00:00:00 2001 From: gj0dcsa <135594855+gj0dcsa@users.noreply.github.com> Date: Sun, 17 Nov 2024 19:37:12 +0100 Subject: [PATCH] SD-1760 Lambdas making all outbound API calls through the static IP of a VPC NAT gateway --- .../org/dcsa/conformance/cdk/ConformanceStack.java | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/cdk/src/main/java/org/dcsa/conformance/cdk/ConformanceStack.java b/cdk/src/main/java/org/dcsa/conformance/cdk/ConformanceStack.java index 62c98980..e8ed935c 100644 --- a/cdk/src/main/java/org/dcsa/conformance/cdk/ConformanceStack.java +++ b/cdk/src/main/java/org/dcsa/conformance/cdk/ConformanceStack.java @@ -54,6 +54,9 @@ import software.amazon.awscdk.services.dynamodb.BillingMode; import software.amazon.awscdk.services.dynamodb.Table; import software.amazon.awscdk.services.dynamodb.TableProps; +import software.amazon.awscdk.services.ec2.SubnetSelection; +import software.amazon.awscdk.services.ec2.SubnetType; +import software.amazon.awscdk.services.ec2.Vpc; import software.amazon.awscdk.services.iam.ManagedPolicy; import software.amazon.awscdk.services.iam.Policy; import software.amazon.awscdk.services.iam.PolicyProps; @@ -141,6 +144,8 @@ public ConformanceStack( .billingMode(BillingMode.PAY_PER_REQUEST) .build()); + Vpc vpc = Vpc.Builder.create(this, prefix + "ConformanceVpc").maxAzs(1).natGateways(1).build(); + AssetCode assetCode = Code.fromAsset( "../lambda/", @@ -175,6 +180,9 @@ public ConformanceStack( .runtime(Runtime.JAVA_21) .code(assetCode) .handler("org.dcsa.conformance.lambda.SandboxTaskLambda") + .vpc(vpc) + .vpcSubnets( + SubnetSelection.builder().subnetType(SubnetType.PRIVATE_WITH_EGRESS).build()) .memorySize(1024) .timeout(Duration.minutes(5)) .reservedConcurrentExecutions(16) 
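Review bot: The VPC on the added `Vpc vpc = …` line keeps every construct default except `maxAzs(1).natGateways(1)`, so nothing visible here logs the traffic leaving through the NAT gateway, and every outbound call depends on one AZ and one gateway. Since the commit's purpose is a known egress address, I would enable flow logs next to it, e.g. `vpc.addFlowLog(prefix + "ConformanceVpcFlowLog");`, and add a comment saying the single-AZ, single-NAT layout is a deliberate cost trade-off. The Elastic IP is allocated by the construct, so it presumably changes if the VPC or gateway is ever replaced; the comment should say so if counterparties allow-list that address. The constructor body starts and ends outside this hunk.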
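Review bot: `.vpc(vpc)` is added to the SandboxTaskLambda builder without `.securityGroups(...)`, so the function gets a construct-generated security group that allows all outbound traffic by default; the ApiLambda and WebuiLambda hunks below have the same gap. If the outbound calls are HTTPS only (not visible from here, so confirm against the counterparty endpoints in use), one explicit group limited to TCP/443 would narrow what a compromised handler can reach through the NAT address. The `SubnetSelection` expression repeated in all three hunks can become one local declared next to the VPC. The builder chain starts and ends outside the hunk.

```java
SecurityGroup lambdaEgressGroup =
    SecurityGroup.Builder.create(this, prefix + "LambdaEgressSg")
        .vpc(vpc)
        .allowAllOutbound(false)
        .build();
lambdaEgressGroup.addEgressRule(Peer.anyIpv4(), Port.tcp(443), "HTTPS to external APIs");
SubnetSelection lambdaSubnets =
    SubnetSelection.builder().subnetType(SubnetType.PRIVATE_WITH_EGRESS).build();

// … unchanged: .runtime / .code / .handler …
            .vpc(vpc)
            .vpcSubnets(lambdaSubnets)
            .securityGroups(List.of(lambdaEgressGroup))
// … unchanged: .memorySize / .timeout / .reservedConcurrentExecutions …
```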
@@ -190,6 +198,9 @@ public ConformanceStack(
 .runtime(Runtime.JAVA_21)
 .code(assetCode)
 .handler("org.dcsa.conformance.lambda.ApiLambda")
+ .vpc(vpc)
+ .vpcSubnets(
+ SubnetSelection.builder().subnetType(SubnetType.PRIVATE_WITH_EGRESS).build())
 .memorySize(1024)
 .timeout(Duration.minutes(5))
 .reservedConcurrentExecutions(16)
@@ -205,6 +216,9 @@ public ConformanceStack(
 .runtime(Runtime.JAVA_21)
 .code(assetCode)
 .handler("org.dcsa.conformance.lambda.WebuiLambda")
+ .vpc(vpc)
+ .vpcSubnets(
+ SubnetSelection.builder().subnetType(SubnetType.PRIVATE_WITH_EGRESS).build())
 .memorySize(1024)
 .timeout(Duration.minutes(5))
 .reservedConcurrentExecutions(16)