AWSTemplateFormatVersion: 2010-09-09 Description: An interface VPC Endpoint to Lambda Transform: AWS::Serverless-2016-10-31 Parameters: DeploymentName: Type: String Description: A name for this deployment VpcEndpointSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Allow HTTP on port 80 VpcId: {Fn::ImportValue: !Sub "${DeploymentName}-VpcId"} SecurityGroupIngress: - IpProtocol: tcp FromPort: 80 ToPort: 80 SourceSecurityGroupId: !Ref AlbSecurityGroup Tags: - Key: Name Value: !Ref AWS::StackName VpcEndpointLambda: Type: AWS::EC2::VPCEndpoint Properties: PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: "*" Action: - "lambda:*" Resource: - !GetAtt HelloWorldFunction.Arn SecurityGroupIds: - !Ref VpcEndpointSecurityGroup ServiceName: !Sub "com.amazonaws.${AWS::Region}.lambda" SubnetIds: - Fn::ImportValue: !Sub "${DeploymentName}-PrivateSubnet1" - Fn::ImportValue: !Sub "${DeploymentName}-PrivateSubnet2" VpcEndpointType: Interface VpcId: {Fn::ImportValue: !Sub "${DeploymentName}-VpcId"}