Skip to content

Commit

Permalink
Merge branch 'master' into bump-cfnspec/v35.2.0
Browse files Browse the repository at this point in the history
  • Loading branch information
mergify[bot] authored May 11, 2021
2 parents f108ae8 + 10a633c commit ac08021
Show file tree
Hide file tree
Showing 3 changed files with 87 additions and 1 deletion.
20 changes: 20 additions & 0 deletions packages/@aws-cdk/aws-lambda/lib/function.ts
Original file line number Diff line number Diff line change
Expand Up @@ -701,10 +701,30 @@ export class Function extends FunctionBase {
this.currentVersionOptions = props.currentVersionOptions;

if (props.filesystem) {
if (!props.vpc) {
throw new Error('Cannot configure \'filesystem\' without configuring a VPC.');
}
const config = props.filesystem.config;
if (config.dependency) {
this.node.addDependency(...config.dependency);
}
// There could be a race if the Lambda is used in a CustomResource. It is possible for the Lambda to
// fail to attach to a given FileSystem if we do not have a dependency on the SecurityGroup ingress/egress
// rules that were created between this Lambda's SG & the Filesystem SG.
this.connections.securityGroups.forEach(sg => {
sg.node.findAll().forEach(child => {
if (child instanceof CfnResource && child.cfnResourceType === 'AWS::EC2::SecurityGroupEgress') {
resource.node.addDependency(child);
}
});
});
config.connections?.securityGroups.forEach(sg => {
sg.node.findAll().forEach(child => {
if (child instanceof CfnResource && child.cfnResourceType === 'AWS::EC2::SecurityGroupIngress') {
resource.node.addDependency(child);
}
});
});
}
}

Expand Down
64 changes: 64 additions & 0 deletions packages/@aws-cdk/aws-lambda/test/function.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1841,6 +1841,7 @@ describe('function', () => {
const accessPoint = fs.addAccessPoint('AccessPoint');
// WHEN
new lambda.Function(stack, 'MyFunction', {
vpc,
handler: 'foo',
runtime: lambda.Runtime.NODEJS_12_X,
code: lambda.Code.fromAsset(path.join(__dirname, 'handler.zip')),
Expand Down Expand Up @@ -1879,6 +1880,69 @@ describe('function', () => {
],
});
});

test('throw error mounting efs with no vpc', () => {
// GIVEN
const stack = new cdk.Stack();
const vpc = new ec2.Vpc(stack, 'Vpc', {
maxAzs: 3,
natGateways: 1,
});

const fs = new efs.FileSystem(stack, 'Efs', {
vpc,
});
const accessPoint = fs.addAccessPoint('AccessPoint');

// THEN
expect(() => {
new lambda.Function(stack, 'MyFunction', {
handler: 'foo',
runtime: lambda.Runtime.NODEJS_12_X,
code: lambda.Code.fromAsset(path.join(__dirname, 'handler.zip')),
filesystem: lambda.FileSystem.fromEfsAccessPoint(accessPoint, '/mnt/msg'),
});
}).toThrow();
});

test('verify deps when mounting efs', () => {
// GIVEN
const stack = new cdk.Stack();
const vpc = new ec2.Vpc(stack, 'Vpc', {
maxAzs: 3,
natGateways: 1,
});
const securityGroup = new ec2.SecurityGroup(stack, 'LambdaSG', {
vpc,
allowAllOutbound: false,
});

const fs = new efs.FileSystem(stack, 'Efs', {
vpc,
});
const accessPoint = fs.addAccessPoint('AccessPoint');
// WHEN
new lambda.Function(stack, 'MyFunction', {
vpc,
handler: 'foo',
securityGroups: [securityGroup],
runtime: lambda.Runtime.NODEJS_12_X,
code: lambda.Code.fromAsset(path.join(__dirname, 'handler.zip')),
filesystem: lambda.FileSystem.fromEfsAccessPoint(accessPoint, '/mnt/msg'),
});

// THEN
expect(stack).toHaveResource('AWS::Lambda::Function', {
DependsOn: [
'EfsEfsMountTarget195B2DD2E',
'EfsEfsMountTarget2315C927F',
'EfsEfsSecurityGroupfromLambdaSG20491B2F751D',
'LambdaSGtoEfsEfsSecurityGroupFCE2954020499719694A',
'MyFunctionServiceRoleDefaultPolicyB705ABD4',
'MyFunctionServiceRole3C357FF2',
],
}, ResourcePart.CompleteDefinition);
});
});

describe('code config', () => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -801,6 +801,7 @@
"EfsEfsMountTarget195B2DD2E",
"EfsEfsMountTarget2315C927F",
"EfsEfsMountTarget36646B9A0",
"EfsEfsSecurityGroupfromawscdklambda1MyLambdaSecurityGroup86B085EE20490D9864A8",
"MyLambdaServiceRoleDefaultPolicy5BBC6F68",
"MyLambdaServiceRole4539ECB6"
]
Expand Down Expand Up @@ -1048,7 +1049,8 @@
"MyLambdaServiceRoleDefaultPolicy5BBC6F68",
"MyLambdaServiceRole4539ECB6",
"MyLambda2ServiceRoleDefaultPolicy2BECE79D",
"MyLambda2ServiceRoleD09B370C"
"MyLambda2ServiceRoleD09B370C",
"securityGroupfromawscdklambda1MyLambda2SecurityGroup7492F70D20498301D9D2"
]
}
}
Expand Down

0 comments on commit ac08021

Please sign in to comment.