From c24b69b7012b91b61bd116adeaf5b29e6e4d116f Mon Sep 17 00:00:00 2001
From: hemige
Date: Tue, 19 Nov 2024 20:10:05 +0000
Subject: [PATCH] feat(custom-resource): support security group
---
 .../aws-custom-resource.ts | 7 ++++
 .../aws-custom-resource.test.ts | 33 +++++++++++++++++++
 2 files changed, 40 insertions(+)
diff --git a/packages/aws-cdk-lib/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts b/packages/aws-cdk-lib/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts
index 9000a3fb1d70f..f468ad833ecf0 100644
--- a/packages/aws-cdk-lib/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts
+++ b/packages/aws-cdk-lib/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts
@@ -417,6 +417,13 @@ export interface AwsCustomResourceProps {
 * @default - the Vpc default strategy if not specified
 */
 readonly vpcSubnets?: ec2.SubnetSelection;
+
+ /**
+ * A list of IDs of security groups that the lambda function should use
+ *
+ * @default - a new security group will be created in the specified VPC
+ */
+ readonly securityGroups?: ec2.ISecurityGroup[];
 }
 
 /**
diff --git a/packages/aws-cdk-lib/custom-resources/test/aws-custom-resource/aws-custom-resource.test.ts b/packages/aws-cdk-lib/custom-resources/test/aws-custom-resource/aws-custom-resource.test.ts
index a000ffed675f7..20634cfe5408b 100644
--- a/packages/aws-cdk-lib/custom-resources/test/aws-custom-resource/aws-custom-resource.test.ts
+++ b/packages/aws-cdk-lib/custom-resources/test/aws-custom-resource/aws-custom-resource.test.ts
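Review bot: The new `securityGroups` prop on `AwsCustomResourceProps` is declared but nothing in this patch forwards it to the provider function — the diffstat lists only this interface and the test file, so unless the constructor already spreads these props onto the `SingletonFunction` outside this diff, the value is silently ignored and the Lambda still receives the default security group, which would defeat a caller who passed a restricted group to limit the function's egress. The doc comment also mismatches the type: it says "A list of IDs of security groups" while the type is `ec2.ISecurityGroup[]`, and it does not say the prop is only meaningful together with `vpc`; suggest ` * The security groups to associate with the Lambda function. Only applies when \`vpc\` is specified.` as the description. The interface `AwsCustomResourceProps` begins before this hunk.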
@@ -1207,6 +1207,39 @@ test('can specify VPC', () => {
 });
 });
 
+test('can specify security group', () => {
+ // GIVEN
+ const stack = new cdk.Stack();
+ const vpc = new ec2.Vpc(stack, 'TestVpc');
+ const securityGroups = [
+ new ec2.SecurityGroup(stack, 'Sg1', {
+ vpc: vpc,
+ allowAllOutbound: false,
+ description: 'my security group',
+ }),
+ ];
+
+ // WHEN
+ new AwsCustomResource(stack, 'AwsSdk', {
+ onCreate: {
+ service: 'service',
+ action: 'action',
+ physicalResourceId: PhysicalResourceId.of('id'),
+ },
+ policy: AwsCustomResourcePolicy.fromSdkCalls({ resources: AwsCustomResourcePolicy.ANY_RESOURCE }),
+ vpc,
+ vpcSubnets: { subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS },
+ securityGroups,
+ });
+
+ // THEN
+ Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', {
+ VpcConfig: {
+ SecurityGroupIds: stack.resolve(securityGroups.map(sg => sg.securityGroupId)),
+ },
+ });
+});
+
 test('specifying public subnets results in a synthesis error', () => {
 // GIVEN
 const stack = new cdk.Stack();
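Review bot: The THEN block only checks that `SecurityGroupIds` contains the supplied group; it does not assert that no extra default security group was synthesized for the provider function, which is the property a caller relying on `allowAllOutbound: false` actually needs — adding `Template.fromStack(stack).resourceCountIs('AWS::EC2::SecurityGroup', 1);` would pin that. There is also no negative test for `securityGroups` supplied without `vpc`; if the underlying Lambda construct rejects that combination, a test asserting the synthesis error would document the contract the way the adjacent public-subnets test does. Minor style: `vpc: vpc,` in the `SecurityGroup` props can be the shorthand `vpc,` already used for the `AwsCustomResource` props in the same hunk.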