Is anyone using vpc_config?

Hi guys,

We’re trying to deploy our endpoints and they need to connect to a RDS database under a VPC.

The issue is, when we try to add the vpc_config with security_group_ids and subnet_ids, it fails to create the lambdas.

We tried also to set a config.function.role with VPC permission but it’s still failing without a clear error message.

Is anyone having the same issue?

Thanks

Know this person was using vpc_config Error after activate VPC in a Rails app: "errorType": "Init<Seahorse::Client::NetworkingError>", His issue was resolved by adding NAT Gateways to his private subnets. Essentially, that subnets that you are configuring need access to the internet. It needs this because the functions need to communicate with the AWS Lambda service.

Can we set up VPC config within Jets and have jets deploy set them in the Lambda?
I notice that a jets deploy can take away the VPC settings, and post-deploy I have to manually set these.

Also, if jets deploy supported this, we could spin up a new stack easily.

Believe vpc_config is a function property. So should be able to set it with Jets Function Properties

1 Like

Thank you! - worked like a charm.
I used properties

properties(vpc_config: {
“SecurityGroupIds” => [ “xxxxxxxx” ],
“SubnetIds” => [ “aaaa”, “bbbb”, “cccc” ]
})

1 Like

Cool. You should also be able to use the convenience vpc_config method to make it a little more concise.

vpc_config(
  security_group_ids: [ "xxxxxxxx" ],
  subnet_ids: [ "aaaa", "bbbb", "cccc" ]
)
1 Like

Same thing for me. Although the security_group_ids and subnet_ids exist on AWS, the deploy fails and can’t understood the reason with the message from CloudFormation. Any ideas @tongueroo?

I had the issue with the autogenerated iamrole used for deploy did not have enough permission.
This is being described here. Not sure if it’s the same issue as this was in Jun 2020. I can confirm it being an issue on jets 2.3.18.
I solved it as follows:
Add the policy named AWSLambdaVPCAccessExecutionRole manually.

Related

https://community.rubyonjets.com/t/execution-role-does-not-have-permissions-to-call-createnetworkinterface-on-ec2/580/3

For posterity, fixed in Jets v3