Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws-cdk-lib/aws-lambda: Add allowAllIpv6Outbound option to lambda function props #30994

Closed
2 tasks
mawallace opened this issue Jul 31, 2024 · 3 comments · Fixed by #31013 or softwaremill/tapir#4137 · May be fixed by NOUIY/aws-solutions-constructs#130, NOUIY/aws-solutions-constructs#131 or NOUIY/aws-solutions-constructs#133
Closed
2 tasks

aws-cdk-lib/aws-lambda: Add allowAllIpv6Outbound option to lambda function props #30994

mawallace opened this issue Jul 31, 2024 · 3 comments · Fixed by #31013 or softwaremill/tapir#4137 · May be fixed by NOUIY/aws-solutions-constructs#130, NOUIY/aws-solutions-constructs#131 or NOUIY/aws-solutions-constructs#133
Assignees
@ashishdhingra
Labels
@aws-cdk/aws-lambda Related to AWS Lambda effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2

Comments

@mawallace
Copy link

Describe the feature

There is already an allowAllOutbound option. It confused my that this did not actually allow all outbound (only all IPv4 outbound), given that there was no corresponding IPv6 option. I think adding the option would make this more clear. It would also mirror the options on security group props.

Use Case

It's nice to be able to define a lambda function without explicitly setting up security groups. This option would allow me to do this when I need to allow outbound IPv6 traffic.

Proposed Solution

It looks like we'd just need to pipe this option through to the security group that gets created (it's already an option on security groups).

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

3.616

Environment details (OS name and version, etc.)

Ubuntu 22.04.4
@mawallace mawallace added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jul 31, 2024
@github-actions github-actions bot added the @aws-cdk/aws-lambda Related to AWS Lambda label Jul 31, 2024
@github-actions github-actions bot mentioned this issue Aug 1, 2024
Closed
@ashishdhingra ashishdhingra self-assigned this Aug 1, 2024
@ashishdhingra ashishdhingra added investigating This issue is being investigated and/or work is in progress to resolve the issue. p2 and removed needs-triage This issue or PR still needs to be triaged. labels Aug 1, 2024
@ashishdhingra
Copy link
Contributor

SecurityGroupProps supports allowAllIpv6Outbound property. The existing Lambda FunctionOptions only supports allowAllOutbound, which is used in configureVpc() while creating a new SecurityGroup here.

@ashishdhingra ashishdhingra removed their assignment Aug 1, 2024
@ashishdhingra ashishdhingra added effort/small Small work item – less than a day of effort and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Aug 1, 2024
@ashishdhingra ashishdhingra self-assigned this Aug 2, 2024
@ashishdhingra ashishdhingra mentioned this issue Aug 2, 2024
Merged
1 task
This was referenced Aug 5, 2024
Closed
Closed
@mergify mergify bot closed this as completed in #31013 Sep 6, 2024
@mergify mergify bot closed this as completed in fa55194 Sep 6, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 6, 2024

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

1 similar comment
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 6, 2024

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 6, 2024
pahud pushed a commit to pahud/aws-cdk that referenced this issue Sep 9, 2024
@ashishdhingra @pahud
feat(lambda): added new property allowAllIpv6Outbound to FunctionOpti…
8cdb0ec 
…ons (aws#31013)

### Issue # (if applicable)

Closes aws#30994.

### Reason for this change
[SecurityGroupProps](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-ec2/lib/security-group.ts#L272) supports `allowAllIpv6Outbound` property. The existing Lambda [FunctionOptions](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L146C18-L146C33) only supports [allowAllOutbound](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L296C12-L296C28), which is used in [configureVpc()](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L1464C11-L1464C23) while creating a new `SecurityGroup` [here](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L1503).

### Description of changes
Added new property `allowAllIpv6Outbound` to `FunctionOptions`.

### Description of how you validated changes
Added unit and integration tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
xazhao pushed a commit to xazhao/aws-cdk that referenced this issue Sep 12, 2024
@ashishdhingra @xazhao
feat(lambda): added new property allowAllIpv6Outbound to FunctionOpti…
17dfab5 
…ons (aws#31013)

### Issue # (if applicable)

Closes aws#30994.

### Reason for this change
[SecurityGroupProps](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-ec2/lib/security-group.ts#L272) supports `allowAllIpv6Outbound` property. The existing Lambda [FunctionOptions](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L146C18-L146C33) only supports [allowAllOutbound](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L296C12-L296C28), which is used in [configureVpc()](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L1464C11-L1464C23) while creating a new `SecurityGroup` [here](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L1503).

### Description of changes
Added new property `allowAllIpv6Outbound` to `FunctionOptions`.

### Description of how you validated changes
Added unit and integration tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@ashishdhingra ashishdhingra

Labels
@aws-cdk/aws-lambda Related to AWS Lambda effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(lambda): added new property allowAllIpv6Outbound to FunctionOptions ashishdhingra/aws-cdk
[Snyk] Upgrade aws-cdk-lib from 2.80.0 to 2.162.1 softwaremill/tapir
[Snyk] Upgrade @aws-cdk/cloudformation-diff from 2.99.1 to 2.157.0 NOUIY/aws-solutions-constructs
[Snyk] Upgrade aws-cdk from 2.99.1 to 2.157.0 NOUIY/aws-solutions-constructs
[Snyk] Upgrade @aws-cdk/cloudformation-diff from 2.99.1 to 2.158.0 NOUIY/aws-solutions-constructs
[Snyk] Upgrade aws-cdk from 2.99.1 to 2.158.0 NOUIY/aws-solutions-constructs
[Snyk] Upgrade aws-cdk-lib from 2.101.0 to 2.160.0 ajobayer/aws-secure-environment-accelerator
[Snyk] Upgrade @aws-cdk/cloudformation-diff from 2.99.1 to 2.162.1 NOUIY/aws-solutions-constructs
[Snyk] Upgrade aws-cdk from 2.99.1 to 2.162.1 NOUIY/aws-solutions-constructs
2 participants
@mawallace @ashishdhingra