Lambda appears in all possible subnets instead of only its own #16

Open
Kkameleon opened this issue Dec 21, 2023 · 1 comment
@Kkameleon

I get

```plantuml
@startuml

!define AWSPuml https://raw.githubusercontent.com/awslabs/aws-icons-for-plantuml/v14.0/dist
!include AWSPuml/AWSCommon.puml
!include AWSPuml/Groups/all.puml
!include AWSPuml/Containers/all.puml
!include AWSPuml/Database/all.puml
!include AWSPuml/Compute/all.puml
!include AWSPuml/General/all.puml
!include AWSPuml/SecurityIdentityCompliance/all.puml
!include AWSPuml/Storage/all.puml
!include AWSPuml/NetworkingContentDelivery/all.puml

' define custom group for Amazon S3 bucket
AWSGroupColoring(S3BucketGroup, #FFFFFF, AWS_COLOR_GREEN, plain)
!define S3BucketGroup(g_alias, g_label="S3 Buckets") AWSGroupEntity(g_alias, g_label, AWS_COLOR_GREEN, SimpleStorageService, S3BucketGroup)
' define custom group for IAM
AWSGroupColoring(IAMGroup, #FFFFFF, AWS_COLOR_RED, plain)
!define IAMGroup(g_alias, g_label="Identity Access Management (IAM)") AWSGroupEntity(g_alias, g_label, AWS_COLOR_RED, IdentityandAccessManagement, IAMGroup)

' Groups are rectangles with a custom style using stereotype - need to hide
hide stereotype
skinparam linetype ortho
skinparam rectangle {
    BackgroundColor transparent
    BorderColor transparent
}

AWSCloudGroup("aws", "AWS") {
  S3BucketGroup("s3", "S3") {
    rectangle "$SimpleStorageServiceBucketIMG()\nmy-bucket" as s3_0
  }
  RegionGroup("eu_west_2", "Region eu-west-2") {
    VPCGroup("vpc_0009be1c376538d6a", "VPC Main VPC") {
      rectangle "$VPCInternetGatewayIMG()\nInternet Gateway\nInternet Gateway" as igw_0dc67a37c3a5b229d
      AvailabilityZoneGroup("vpc_0009be1c376538d6a_eu_west_2a", "AZ eu-west-2a") {
        PrivateSubnetGroup("subnet_06bd6f307e56b7e29", "Pvt Subnet\nGlue Subnet zone 1\n10.20.31.0/24") {
          rectangle "$LambdaLambdaFunctionIMG()\nLambda data_exporter\npython3.9" as data_exporter
        }
        PrivateSubnetGroup("subnet_0bd563a3f51d19d05", "Pvt Subnet\nLambda Subnet zone 1\n10.20.21.0/24") {
          rectangle "$LambdaLambdaFunctionIMG()\nLambda data_exporter\npython3.9" as data_exporter
        }
        PrivateSubnetGroup("subnet_0e45d8608d385cdf1", "Pvt Subnet\nPrivate Subnet Application 1, zone 1\n10.20.11.0/24") {
          rectangle "$EC2T2InstanceIMG()\nFirst application ec2 zone 1\nt2.micro\n10.20.11.95" as i_01b5a0b8080caf5c4
          rectangle "$LambdaLambdaFunctionIMG()\nLambda data_exporter\npython3.9" as data_exporter
        }
        PrivateSubnetGroup("subnet_04481ddc904eafec9", "Pvt Subnet\nPublic subnet\n10.20.1.0/24") {
          rectangle "$VPCNATGatewayIMG()\nNAT Gateway\nNAT Gateway\n10.20.1.227\n18.135.89.194" as nat_01730e1fe51a5824d
          rectangle "$LambdaLambdaFunctionIMG()\nLambda data_exporter\npython3.9" as data_exporter
        }
      }
      AvailabilityZoneGroup("vpc_0009be1c376538d6a_eu_west_2b", "AZ eu-west-2b") {
        PrivateSubnetGroup("subnet_0eec7d1ef5ffb7710", "Pvt Subnet\nGlue Subnet zone 2\n10.20.32.0/24") {
          rectangle "$LambdaLambdaFunctionIMG()\nLambda data_exporter\npython3.9" as data_exporter
        }
        PrivateSubnetGroup("subnet_075cb18cf1a5c6bba", "Pvt Subnet\nPrivate Subnet Application 1, zone 2\n10.20.12.0/24") {
          rectangle "$LambdaLambdaFunctionIMG()\nLambda data_exporter\npython3.9" as data_exporter
        }
        PrivateSubnetGroup("subnet_03b0040d77b86090a", "Pvt Subnet\nPublic subnet\n10.20.2.0/24") {
          rectangle "$LambdaLambdaFunctionIMG()\nLambda data_exporter\npython3.9" as data_exporter
        }
      }
    }
  }
}
@enduml
```

instead of

```plantuml
@startuml

!define AWSPuml https://raw.githubusercontent.com/awslabs/aws-icons-for-plantuml/v14.0/dist
!include AWSPuml/AWSCommon.puml
!include AWSPuml/Groups/all.puml
!include AWSPuml/Containers/all.puml
!include AWSPuml/Database/all.puml
!include AWSPuml/Compute/all.puml
!include AWSPuml/General/all.puml
!include AWSPuml/SecurityIdentityCompliance/all.puml
!include AWSPuml/Storage/all.puml
!include AWSPuml/NetworkingContentDelivery/all.puml

' define custom group for Amazon S3 bucket
AWSGroupColoring(S3BucketGroup, #FFFFFF, AWS_COLOR_GREEN, plain)
!define S3BucketGroup(g_alias, g_label="S3 Buckets") AWSGroupEntity(g_alias, g_label, AWS_COLOR_GREEN, SimpleStorageService, S3BucketGroup)
' define custom group for IAM
AWSGroupColoring(IAMGroup, #FFFFFF, AWS_COLOR_RED, plain)
!define IAMGroup(g_alias, g_label="Identity Access Management (IAM)") AWSGroupEntity(g_alias, g_label, AWS_COLOR_RED, IdentityandAccessManagement, IAMGroup)

' Groups are rectangles with a custom style using stereotype - need to hide
hide stereotype
skinparam linetype ortho
skinparam rectangle {
    BackgroundColor transparent
    BorderColor transparent
}

AWSCloudGroup("aws", "AWS") {
  S3BucketGroup("s3", "S3") {
    rectangle "$SimpleStorageServiceBucketIMG()\nmy-bucket" as s3_0
  }
  RegionGroup("eu_west_2", "Region eu-west-2") {
    VPCGroup("vpc_0009be1c376538d6a", "VPC Main VPC") {
      rectangle "$VPCInternetGatewayIMG()\nInternet Gateway\nInternet Gateway" as igw_0dc67a37c3a5b229d
      AvailabilityZoneGroup("vpc_0009be1c376538d6a_eu_west_2a", "AZ eu-west-2a") {
        PrivateSubnetGroup("subnet_06bd6f307e56b7e29", "Pvt Subnet\nGlue Subnet zone 1\n10.20.31.0/24") {
        }
        PrivateSubnetGroup("subnet_0bd563a3f51d19d05", "Pvt Subnet\nLambda Subnet zone 1\n10.20.21.0/24") {
          rectangle "$LambdaLambdaFunctionIMG()\nLambda data_exporter\npython3.9" as data_exporter
        }
        PrivateSubnetGroup("subnet_0e45d8608d385cdf1", "Pvt Subnet\nPrivate Subnet Application 1, zone 1\n10.20.11.0/24") {
          rectangle "$EC2T2InstanceIMG()\nFirst application ec2 zone 1\nt2.micro\n10.20.11.95" as i_01b5a0b8080caf5c4
        }
        PrivateSubnetGroup("subnet_04481ddc904eafec9", "Pvt Subnet\nPublic subnet\n10.20.1.0/24") {
          rectangle "$VPCNATGatewayIMG()\nNAT Gateway\nNAT Gateway\n10.20.1.227\n18.135.89.194" as nat_01730e1fe51a5824d
        }
      }
      AvailabilityZoneGroup("vpc_0009be1c376538d6a_eu_west_2b", "AZ eu-west-2b") {
        PrivateSubnetGroup("subnet_0eec7d1ef5ffb7710", "Pvt Subnet\nGlue Subnet zone 2\n10.20.32.0/24") {
        }
        PrivateSubnetGroup("subnet_075cb18cf1a5c6bba", "Pvt Subnet\nPrivate Subnet Application 1, zone 2\n10.20.12.0/24") {
        }
        PrivateSubnetGroup("subnet_03b0040d77b86090a", "Pvt Subnet\nPublic subnet\n10.20.2.0/24") {
        }
      }
    }
  }
}
@enduml
```

My lambda is defined like this:

```hcl
resource "aws_lambda_function" "data_exporter" {
  function_name = "data_exporter"
  role          = aws_iam_role.lambda_role.arn
  handler       = "${var.lf_exporter_name}.lambda_handler"
  runtime       = var.python_version

  filename         = data.archive_file.lambda_zip.output_path
  source_code_hash = filebase64sha256(data.archive_file.lambda_zip.output_path)

  layers = [var.arn_lambda_layer]

  vpc_config {
    subnet_ids         = [aws_subnet.lambda_zone_1.id]
    security_group_ids = [aws_security_group.lambda_sg.id]
  }

  tags = merge(
    var.tags,
    {
      Name = "Lambda ${var.lf_exporter_name} function"
    }
  )
}
```

In the terraform.tfstate, I see for the lambda function:

```json
"vpc_config": [
  {
    "security_group_ids": [
      "sg-XXX"
    ],
    "subnet_ids": [
      "subnet-XXX"
    ],
    "vpc_id": "vpc-XXX"
  }
]
```
@fmalk fmalk self-assigned this Jan 25, 2024
@fmalk fmalk added the bug Something isn't working label Jan 25, 2024
@fmalk
Owner

fmalk commented Jan 25, 2024

I'll take a look. Thanks for bringing it up.
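
The placement the issue expects, as an added example that is not the project's code and not part of either comment: each `aws_lambda_function` is attached only to the subnets listed in its `vpc_config.subnet_ids`, so a diagram used for network-segmentation review does not show the function in subnets it cannot reach. The sample state, its placeholder IDs and the helper names `instances` and `lambdas_by_subnet` are constructed for illustration.

```python
import json

# Constructed sample in Terraform state (version 4) layout; IDs are placeholders.
SAMPLE_STATE = json.loads("""
{
  "version": 4,
  "resources": [
    {"type": "aws_subnet", "name": "glue_zone_1",
     "instances": [{"attributes": {"id": "subnet-AAA", "vpc_id": "vpc-XXX"}}]},
    {"type": "aws_subnet", "name": "lambda_zone_1",
     "instances": [{"attributes": {"id": "subnet-BBB", "vpc_id": "vpc-XXX"}}]},
    {"type": "aws_lambda_function", "name": "data_exporter",
     "instances": [{"attributes": {
        "function_name": "data_exporter",
        "vpc_config": [{"security_group_ids": ["sg-XXX"],
                        "subnet_ids": ["subnet-BBB"],
                        "vpc_id": "vpc-XXX"}]}}]}
  ]
}
""")


def instances(state, rtype):
    """Yield the attribute dict of every instance of one resource type."""
    for res in state.get("resources", []):
        if res.get("type") == rtype:
            for inst in res.get("instances", []):
                yield inst.get("attributes", {})


def lambdas_by_subnet(state):
    """Return (subnet id -> function names, functions with no VPC attachment)."""
    placement = {s["id"]: [] for s in instances(state, "aws_subnet")}
    unplaced = []
    for fn in instances(state, "aws_lambda_function"):
        # vpc_config holds zero or one block; empty or null means no VPC attachment.
        cfg = (fn.get("vpc_config") or [{}])[0]
        subnet_ids = cfg.get("subnet_ids") or []
        if not subnet_ids:
            unplaced.append(fn["function_name"])
        for sid in subnet_ids:
            # setdefault also covers subnets managed outside this state file.
            placement.setdefault(sid, []).append(fn["function_name"])
    return placement, unplaced


if __name__ == "__main__":
    print(lambdas_by_subnet(SAMPLE_STATE))
```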
