docs(lambda): clarify FunctionOptions.allowAllOutbound property (#28367)

sakurai-ryo · web-flow · commit 7c62d6809cbd · 2023-12-15T01:47:00.000Z
The following PR adds validation for the case when `allowAllOutbound` and `securityGroups` are specified at the same time in `FunctionOptions`. #26528 (#27157) According to related issues and discussions, this PR causes existing Lambda deployments to fail. However, since this change has already been merged and I think it is the correct change, I did not fix the validation process but added documentation to clarify the behavior. Relates to #28170, #27669 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
diff --git a/packages/aws-cdk-lib/aws-lambda/lib/function.ts b/packages/aws-cdk-lib/aws-lambda/lib/function.ts
@@ -260,6 +260,9 @@ export interface FunctionOptions extends EventInvokeConfigOptions {
    * If set to false, you must individually add traffic rules to allow the
    * Lambda to connect to network targets.
    *
+   * Do not specify this property if the `securityGroups` or `securityGroup` property is set.
+   * Instead, configure `allowAllOutbound` directly on the security group.
+   *
    * @default true
    */
   readonly allowAllOutbound?: boolean;
