Functionbeat more granular options for permission when deploying a function and support VPC #9425

Closed
vchan2002 opened this issue Dec 6, 2018 · 1 comment · Fixed by #11779


vchan2002 commented Dec 6, 2018

When deploying functionbeat, there need to be the following flags.

a. subnets for deployment within a VPC
b. specify security groups
c. The IAM role that the cloudformation generates for the lambda will need the additional rights that a lambda inside a VPC needs to do such things within the lambda accordingly.

I have an elasticsearch cluster that I built that's 100% within a VPC and will stay that way. Right now, I can go ahead and manually put in changes after the lambda is deployed, but I'd imagine this is a requirement.

Contributor

ph commented Dec 12, 2018

Certainly, I am planning to expose the VPC/IAM/Security group at the function level so we can generate them correctly with the cloudformation template.

ph assigned kvch Feb 7, 2019
ph changed the title from "functionbeat deployment need additional options" to "Functionbeat more granular options for permission when deploying a function" Feb 26, 2019
ph changed the title from "Functionbeat more granular options for permission when deploying a function" to "Functionbeat more granular options for permission when deploying a function and support VPC" Mar 15, 2019
kvch added a commit that referenced this issue Apr 23, 2019
From now on it is possible to configure permissions in `functionbeat.yml` for the deployed lambda function. Two new options are added: `role` and `virtual_private_cloud`.

```yaml
# Execution role of the function.
role: arn:aws:iam::123456789012:role/MyFunction
```
```yaml
# Connect to private resources in an Amazon VPC.
virtual_private_cloud:
  security_group_ids:
    - mySecurityGroup
    - anotherSecurityGroup
  subnet_ids:
    - myUniqueID
```

Note: I don't really like the name `virtual_private_cloud` as it's too long. But naming the option `vpc` seems wrong. Do you have any other suggestions?

Closes #9425
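
A check tied to point (c) of the request and the `role` option above, as an added example that is not part of the issue or the Beats code base: when a function sets `virtual_private_cloud` together with a custom `role`, that role needs the EC2 network-interface permissions Lambda uses to attach to a VPC (the core actions of AWS's managed `AWSLambdaVPCAccessExecutionRole` policy). The config dict, the policy documents and all function names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# ENI actions Lambda needs to place a function inside a VPC.
VPC_ENI_ACTIONS = (
    "ec2:CreateNetworkInterface",
    "ec2:DescribeNetworkInterfaces",
    "ec2:DeleteNetworkInterface",
)

def _as_list(value):
    # IAM allows a single string or object where a list is expected.
    return value if isinstance(value, list) else [value]

def allowed_action_patterns(policy):
    """Collect Action patterns from Allow statements of an IAM policy document.
    Simplification: Deny, NotAction, Resource and Condition are not evaluated."""
    patterns = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            patterns.extend(_as_list(stmt["Action"]))
    return patterns

def missing_vpc_actions(function_cfg, role_policy):
    """Return the ENI actions the role lacks; empty if no VPC is configured."""
    if not function_cfg.get("virtual_private_cloud"):
        return []
    # IAM action names are case-insensitive and support * and ? wildcards.
    patterns = [p.lower() for p in allowed_action_patterns(role_policy)]
    return [a for a in VPC_ENI_ACTIONS
            if not any(fnmatchcase(a.lower(), p) for p in patterns)]

# Constructed function settings, mirroring the options in the commit message.
FUNCTION_CFG = {
    "role": "arn:aws:iam::123456789012:role/MyFunction",
    "virtual_private_cloud": {
        "security_group_ids": ["mySecurityGroup", "anotherSecurityGroup"],
        "subnet_ids": ["myUniqueID"],
    },
}
# Constructed policies: one with logging rights only, one that adds ENI rights.
LOGS_ONLY = {"Statement": [{"Effect": "Allow", "Resource": "*",
             "Action": ["logs:CreateLogStream", "logs:PutLogEvents"]}]}
WITH_ENI = {"Statement": LOGS_ONLY["Statement"] + [
    {"Effect": "Allow", "Action": "ec2:*NetworkInterface*", "Resource": "*"}]}

if __name__ == "__main__":
    print("logs-only role is missing:", missing_vpc_actions(FUNCTION_CFG, LOGS_ONLY))
    print("role with ENI rights is missing:", missing_vpc_actions(FUNCTION_CFG, WITH_ENI))
```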