Lambda VPC config (#5)

* lambda vpc subnets and security groups configuration added

ife-lambda/main.tf

@@ -96,4 +96,9 @@ resource "aws_lambda_function" "ife_lambda_authorizer" {
   }
 
   tags = var.tags
+
+  vpc_config {
+    subnet_ids         = var.lambda_subnet_ids
+    security_group_ids = var.lambda_security_group_ids
+  }
 }

ife-lambda/variables.tf

@@ -22,4 +22,17 @@ variable "tags" {
   description = "A map of tags to add to all resources"
   type        = map(string)
   default     = {}
-}
+}
+
+variable "lambda_subnet_ids" {
+  description = "VPC subnets for Lambda"
+  type        = list(string)
+  default     = []
+}
+
+variable "lambda_security_group_ids" {
+  description = "SG IDs for Lambda, should at least allow all outbound"
+  type        = list(string)
+  default     = []
+}
+

main.tf

@@ -61,8 +61,11 @@ module "ife_authorization_lambda" {
   env_user_pool_id          = module.ife_cognito.cognito_pool_id
   param_store_client_prefix = local.param_store_client_prefix
 
-  lambda_log_retention = local.lambda_log_retention
-  tags                 = local.tags
+  lambda_log_retention      = local.lambda_log_retention
+  lambda_subnet_ids         = var.lambda_subnet_ids
+  lambda_security_group_ids = var.lambda_security_group_ids
+
+  tags = local.tags
 }
 
 
@@ -87,4 +90,4 @@ module "ife_api_gateway" {
   custom_sub_domain    = local.api_sub_domain
 
   tags = local.tags
-}
+}

variables.tf

@@ -114,3 +114,16 @@ variable "lambda_log_retention" {
   type        = number
   default     = 30
 }
+
+variable "lambda_subnet_ids" {
+  description = "VPC subnets for Lambda"
+  type        = list(string)
+  default     = []
+}
+
+variable "lambda_security_group_ids" {
+  description = "SG IDs for Lambda, should at least allow all outbound"
+  type        = list(string)
+  default     = []
+}
+