Add VPC

Author: mnapoli

src/function/PhpFpmFunction.ts

@@ -1,7 +1,7 @@
 import { Function, FunctionProps, Runtime } from 'aws-cdk-lib/aws-lambda';
 import { Duration, Stack } from 'aws-cdk-lib';
 import { Construct } from 'constructs';
-import { functionDefaults } from './defaults';
+import { functionDefaults, vpcDefaults } from './defaults';
 import { fpmLayer } from '../layers';
 import { packagePhpCode } from '../package';
 
@@ -26,6 +26,7 @@ export class PhpFpmFunction extends Function {
 
         super(scope, id, {
             ...defaults,
+            ...vpcDefaults(props.vpc),
             // Provided props override defaults
             ...props,
             // But we force the layers to an empty array because we define them below

src/function/PhpFunction.ts

@@ -1,13 +1,16 @@
 import { Function, FunctionProps, Runtime } from 'aws-cdk-lib/aws-lambda';
 import { Duration, Stack } from 'aws-cdk-lib';
 import { Construct } from 'constructs';
-import { functionDefaults } from './defaults';
+import { functionDefaults, vpcDefaults } from './defaults';
 import { functionLayer } from '../layers';
 import { packagePhpCode } from '../package';
+import { IVpc } from 'aws-cdk-lib/aws-ec2';
+import { VpcForServerlessApp } from '../vpc/VpcForServerlessApp';
 
 export type PhpFunctionProps = Partial<FunctionProps> & {
     phpVersion?: '8.0' | '8.1' | '8.2';
     handler: string;
+    vpc: IVpc | VpcForServerlessApp;
 };
 
 export class PhpFunction extends Function {
@@ -24,6 +27,7 @@ export class PhpFunction extends Function {
 
         super(scope, id, {
             ...defaults,
+            ...vpcDefaults(props.vpc),
             // Provided props override defaults
             ...props,
             // But we force the layers to an empty array because we define them below

src/function/defaults.ts

@@ -1,7 +1,30 @@
+import { IVpc, SecurityGroup, SubnetSelection, SubnetType } from 'aws-cdk-lib/aws-ec2';
+import { VpcForServerlessApp } from '../vpc/VpcForServerlessApp';
+
 export const functionDefaults = {
     path: process.cwd(),
     phpVersion: '8.1',
     memorySize: 1024,
     platform: 'x86',
     excludedPhpPaths: ['.git', '.idea', 'cdk.out', 'node_modules', '.bref', '.serverless', 'tests'],
 } as const;
+
+export function vpcDefaults(vpc?: IVpc):
+    | Record<string, never>
+    | {
+          vpc: IVpc;
+          securityGroups: SecurityGroup[];
+          vpcSubnets: SubnetSelection;
+      } {
+    if (vpc instanceof VpcForServerlessApp) {
+        // Automatically set the security group and subnets
+        return {
+            vpc: vpc,
+            securityGroups: [vpc.appSecurityGroup],
+            vpcSubnets: {
+                subnetType: SubnetType.PRIVATE_WITH_EGRESS,
+            },
+        };
+    }
+    return {};
+}

src/vpc/VpcForServerlessApp.ts

@@ -0,0 +1,39 @@
+import { SecurityGroup, SubnetType, Vpc, VpcProps } from 'aws-cdk-lib/aws-ec2';
+import { Construct } from 'constructs';
+
+export class VpcForServerlessApp extends Vpc {
+    public readonly appSecurityGroup: SecurityGroup;
+
+    constructor(scope: Construct, id: string, props?: VpcProps) {
+        const defaults: VpcProps = {
+            maxAzs: 1,
+            subnetConfiguration: [
+                {
+                    cidrMask: 24,
+                    name: 'Public',
+                    subnetType: SubnetType.PUBLIC,
+                },
+                // For Lambda
+                {
+                    cidrMask: 24,
+                    name: 'App',
+                    subnetType: SubnetType.PRIVATE_WITH_EGRESS,
+                },
+                // For private services like databases
+                {
+                    cidrMask: 28,
+                    name: 'Isolated',
+                    subnetType: SubnetType.PRIVATE_ISOLATED,
+                },
+            ],
+        };
+        super(scope, id, { ...defaults, ...props });
+
+        this.appSecurityGroup = new SecurityGroup(this, 'AppSecurityGroup', {
+            vpc: this,
+            description: 'Security group for Lambda functions',
+            allowAllOutbound: true,
+            allowAllIpv6Outbound: true,
+        });
+    }
+}

test/vpc/VpcForServerlessApp.test.ts

@@ -0,0 +1,13 @@
+import { describe, expect, it } from 'vitest';
+import { cleanupTemplate, compileTestStack } from '../helper';
+import { VpcForServerlessApp } from '../../src';
+
+describe('VpcForServerlessApp', () => {
+    it('builds', () => {
+        const template = compileTestStack((stack) => {
+            new VpcForServerlessApp(stack, 'Vpc');
+        }).toJSON();
+
+        expect(cleanupTemplate(template).Resources).toMatchSnapshot();
+    });
+});