Allow to deploy Lambda inside VPC

config/sidecar.php

@@ -81,4 +81,14 @@
      * See CreateExecutionRole::policy for the IAM policy.
      */
     'execution_role' => env('SIDECAR_EXECUTION_ROLE'),
+
+    /*
+     * This is the VPC Configuration for Lambda. VPCs are optional
+     * and may be left empty if there are no networking needs
+     * to place sidecar lambda functions inside a VPC.
+     */
+    'vpc' => [
+        'security_groups' => env('SIDECAR_VPC_SECURITY_GROUP'),
+        'subnets' => env('SIDECAR_VPC_SUBNETS'),
+    ]
 ];

src/LambdaFunction.php

@@ -312,6 +312,29 @@ public function timeout()
         return config('sidecar.timeout');
     }
 
+    /**
+     * Lambda Function VPC Configuration. This option is often used to place
+     * functions within a VPC for accessibility to private RDS or
+     * Elasticache instances that are not publicly accessible.
+     *
+     * @return null|array
+     */
+    public function vpc()
+    {
+        $subnets = config('sidecar.vpc.subnets');
+
+        $sg = config('sidecar.vpc.security_group');
+
+        if ($subnets && $sg) {
+            return [
+                'SecurityGroupIds' => Arr::wrap($sg),
+                'SubnetIds' => Arr::wrap($subnets),
+            ];
+        }
+
+        return null;
+    }
+
     public function preparePayload($payload)
     {
         return $payload;
@@ -395,7 +418,8 @@ public function toDeploymentArray()
             'Layers' => $this->layers(),
             'Publish' => true,
             'PackageType' => $this->packageType(),
-            'Architectures' => [$this->architecture()]
+            'Architectures' => [$this->architecture()],
+            'VpcConfig' => $this->vpc(),
         ];
 
         // For container image packages, we need to remove the Runtime
@@ -405,6 +429,13 @@ public function toDeploymentArray()
             $config = Arr::except($config, ['Runtime', 'Handler']);
         }
 
+        // Vpc Configuration is optional so let's delete it
+        // from the final configuration if the user did
+        // not opt to define a VPC.
+        if ($config['VpcConfig'] === null) {
+            unset($config['VpcConfig']);
+        }
+
         return $config;
     }
 }

tests/Unit/FunctionTest.php

@@ -35,4 +35,37 @@ public function memory_and_timeout_get_cast_to_ints()
         $this->assertSame(5, $array['Timeout']);
         $this->assertSame(500, $array['MemorySize']);
     }
+
+    /** @test */
+    public function test_lambda_function_inside_vpc()
+    {
+        config([
+            'sidecar.vpc' => [
+                'security_group' => ['sg-12345678'],
+                'subnets' => ['subnet-e000ab00'],
+            ],
+        ]);
+
+        $array = (new EmptyTestFunction)->toDeploymentArray();
+
+        $this->assertSame('sg-12345678', $array['VpcConfig']['SecurityGroupIds'][0]);
+        $this->assertSame('subnet-e000ab00', $array['VpcConfig']['SubnetIds'][0]);
+    }
+
+    /** @test */
+    public function test_let_user_define_single_subnet_and_sg()
+    {
+        config([
+            'sidecar.vpc' => [
+                'security_group' => 'sg-12345678',
+                'subnets' => 'subnet-e000ab00',
+            ],
+        ]);
+
+        $array = (new EmptyTestFunction)->toDeploymentArray();
+
+        $this->assertSame('sg-12345678', $array['VpcConfig']['SecurityGroupIds'][0]);
+        $this->assertSame('subnet-e000ab00', $array['VpcConfig']['SubnetIds'][0]);
+    }
+
 }