Possible to reference a Security Group being created?

[corydorning53]

In my serverless.yml I create the following security group in the resources section:

resources:
  Resources:
      MySecurityGroup:
        Type: AWS::EC2::SecurityGroup
        Properties:
          GroupDescription: Allow all outbound traffic, no inbound for Lambdas
          SecurityGroupEgress:
            - IpProtocol: tcp
              FromPort: 443
              ToPort: 443
              CidrIp: 0.0.0.0/0
          VpcId: ${self:custom.${self:provider.stage}.vpcId}

Then in my functions I reference it as:

functions:
  mylambda:
    handler: api/my.lambda
    runtime: nodejs14.x
    vpc:
      securityGroupIds:
        - Ref: MySecurityGroup

This has the side effect of giving the following configuration warning, even though its not really an issue, because I reference the subnets in the custom.vpcDiscovery:

Serverless: Configuration warning:
Serverless:   at 'functions.myLambda.vpc': should have required property 'subnetIds'

So I was wondering if I could remove the vpc.securityGroupIds altogether and just reference MySecurityGroup in the plugin config:

  vpcDiscovery:
    vpcName: ${self:custom.tk.vpc}
    subnets:
      - tagKey: Name
        tagValues:
          - app_sn_0
          - app_sn_1
          - app_sn_2
    securityGroups:
      - Ref: MySecurityGroup

[missedone]

i have the exact same case, the SG is created with severless framework, i want severless-vpc-discovery plugin discover subnets only.

[corydorning53]

any plans to implement this? asking because if I add configValidationMode: error to my serverless.yml it breaks.

[corydorning]

bumping this issue...as it still persists and serverless v3 has been released.

[rcwsr]

Same issue here, I am also using this plugin to discover subnets of an existing VPC, but defining a security group as a resource and I get the same validation warning.

Bonus, it would also be really nice to get access to the resolved VPC ID from this plugin, so that you don't have to define both a VPC name for auto-discovery and a VPC ID that needs to be referenced in the SG resource.

@corydorning I know it was a year ago now, but did you find a way to work with this?