docs(lambda): clarify FunctionOptions.allowAllOutbound property (aws#…

…28367) The following PR adds validation for the case when `allowAllOutbound` and `securityGroups` are specified at the same time in `FunctionOptions`. aws#26528 (aws#27157) According to related issues and discussions, this PR causes existing Lambda deployments to fail. However, since this change has already been merged and I think it is the correct change, I did not fix the validation process but added documentation to clarify the behavior. Relates to aws#28170, aws#27669 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
badmintoncryer · Dec 15, 2023 · 7c62d68 · 7c62d68
1 parent 37be7b9
commit 7c62d68
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/packages/aws-cdk-lib/aws-lambda/lib/function.ts b/packages/aws-cdk-lib/aws-lambda/lib/function.ts
@@ -260,6 +260,9 @@ export interface FunctionOptions extends EventInvokeConfigOptions {
    * If set to false, you must individually add traffic rules to allow the
    * Lambda to connect to network targets.
    *
+   * Do not specify this property if the `securityGroups` or `securityGroup` property is set.
+   * Instead, configure `allowAllOutbound` directly on the security group.
+   *
    * @default true
    */
   readonly allowAllOutbound?: boolean;