UNPKG

serverless-vpc-plugin

Version:

Serverless Plugin to generate a VPC

github.com/smoketurner/serverless-vpc-plugin

smoketurner/serverless-vpc-plugin

95 lines (85 loc) 2.43 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
const { APP_SUBNET } = require('./constants'); /** * Build a VPCEndpoint * * @param {String} service * @param {Object} params * @return {Object} */ function buildVPCEndpoint(service, { routeTableIds = [], subnetIds = [] } = {}) { const endpoint = { Type: 'AWS::EC2::VPCEndpoint', Properties: { ServiceName: { 'Fn::Sub': `com.amazonaws.\${AWS::Region}.${service}`, }, VpcId: { Ref: 'VPC', }, }, }; // @see https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html if (service === 's3' || service === 'dynamodb') { endpoint.Properties.VpcEndpointType = 'Gateway'; endpoint.Properties.RouteTableIds = routeTableIds; endpoint.Properties.PolicyDocument = { Statement: [ { Effect: 'Allow', Principal: '*', Resource: '*', }, ], }; if (service === 's3') { endpoint.Properties.PolicyDocument.Statement[0].Action = 's3:*'; } else if (service === 'dynamodb') { endpoint.Properties.PolicyDocument.Statement[0].Action = 'dynamodb:*'; } } else { endpoint.Properties.VpcEndpointType = 'Interface'; endpoint.Properties.SubnetIds = subnetIds; endpoint.Properties.PrivateDnsEnabled = true; endpoint.Properties.SecurityGroupIds = [ { Ref: 'AppSecurityGroup', }, ]; } const parts = service.split(/[-_.]/g); parts.push('VPCEndpoint'); const cfName = parts.map((part) => part.charAt(0).toUpperCase() + part.slice(1)).join(''); return { [cfName]: endpoint, }; } /** * Build VPC endpoints for a given number of services and zones * * @param {Array} services Array of VPC endpoint services * @param {Number} numZones Number of availability zones * @return {Object} */ function buildEndpointServices(services = [], numZones = 0) { if (!Array.isArray(services) || services.length < 1) { return {}; } if (numZones < 1) { return {}; } const subnetIds = []; const routeTableIds = []; for (let i = 1; i <= numZones; i += 1) { subnetIds.push({ Ref: `${APP_SUBNET}Subnet${i}` }); routeTableIds.push({ Ref: `${APP_SUBNET}RouteTable${i}` }); } const resources = {}; services.forEach((service) => { Object.assign(resources, buildVPCEndpoint(service, { routeTableIds, subnetIds })); }); return resources; } module.exports = { buildEndpointServices, buildVPCEndpoint, };