diff --git a/ife-lambda/main.tf b/ife-lambda/main.tf
index 1c2b4ba..1f65627 100644
--- a/ife-lambda/main.tf
+++ b/ife-lambda/main.tf
@@ -96,4 +96,9 @@ resource "aws_lambda_function" "ife_lambda_authorizer" {
 }
 tags = var.tags
+
+ vpc_config {
+ subnet_ids = var.lambda_subnet_ids
+ security_group_ids = var.lambda_security_group_ids
+ }
 }
diff --git a/ife-lambda/variables.tf b/ife-lambda/variables.tf
index a97d0c4..2cf3f12 100644
--- a/ife-lambda/variables.tf
+++ b/ife-lambda/variables.tf
@@ -22,4 +22,17 @@ variable "tags" {
 description = "A map of tags to add to all resources"
 type = map(string)
 default = {}
-}
\ No newline at end of file
+}
+
+variable "lambda_subnet_ids" {
+ description = "VPC subnets for Lambda"
+ type = list(string)
+ default = []
+}
+
+variable "lambda_security_group_ids" {
+ description = "SG IDs for Lambda, should at least allow all outbound"
+ type = list(string)
+ default = []
+}
+
diff --git a/main.tf b/main.tf
index 8579f09..b95dd79 100644
--- a/main.tf
+++ b/main.tf
@@ -61,8 +61,11 @@ module "ife_authorization_lambda" {
 env_user_pool_id = module.ife_cognito.cognito_pool_id
 param_store_client_prefix = local.param_store_client_prefix
- lambda_log_retention = local.lambda_log_retention
- tags = local.tags
+ lambda_log_retention = local.lambda_log_retention
+ lambda_subnet_ids = var.lambda_subnet_ids
+ lambda_security_group_ids = var.lambda_security_group_ids
+
+ tags = local.tags
 }
@@ -87,4 +90,4 @@ module "ife_api_gateway" {
 custom_sub_domain = local.api_sub_domain
 tags = local.tags
-}
\ No newline at end of file
+}
diff --git a/variables.tf b/variables.tf
index 0e35c09..dbc7345 100644
--- a/variables.tf
+++ b/variables.tf
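Review bot: The `vpc_config` block added to `aws_lambda_function.ife_lambda_authorizer` in ife-lambda/main.tf comes with no visible change to the function's execution role, which is defined outside this hunk. A VPC-attached Lambda needs `ec2:CreateNetworkInterface`, `ec2:DescribeNetworkInterfaces` and `ec2:DeleteNetworkInterface` (for example via the managed policy `AWSLambdaVPCAccessExecutionRole`), so confirm the role already grants them before subnet IDs are supplied. Once attached, the function also loses default internet egress. The root main.tf passes `env_user_pool_id` and `param_store_client_prefix`, so the authorizer presumably calls Cognito and Parameter Store; if so, the chosen subnets need a NAT route or VPC endpoints, otherwise authorization will time out. A comment above the block such as `# requires ENI permissions on the execution role and a route to the AWS endpoints the authorizer calls` would record both requirements.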
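Review bot: The description of `lambda_security_group_ids` in ife-lambda/variables.tf ("should at least allow all outbound") steers callers toward an unrestricted egress rule, and the same text is repeated in the root variables.tf hunk. An authorizer normally needs only outbound HTTPS to the services it calls, so I would reword it in both places as `description = "SG IDs for Lambda; must allow outbound HTTPS (443) to the AWS endpoints the authorizer calls"`. Both lists default to `[]`, and as far as I know Lambda rejects a VPC configuration with only one of them populated. The `lambda_subnet_ids` description should therefore say the two must be set together, e.g. `description = "VPC subnets for Lambda; set together with lambda_security_group_ids, leave both empty for no VPC"`.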
@@ -114,3 +114,16 @@ variable "lambda_log_retention" {
 type = number
 default = 30
 }
+
+variable "lambda_subnet_ids" {
+ description = "VPC subnets for Lambda"
+ type = list(string)
+ default = []
+}
+
+variable "lambda_security_group_ids" {
+ description = "SG IDs for Lambda, should at least allow all outbound"
+ type = list(string)
+ default = []
+}
+