feat(lambda): add ipv6AllowedForDualStack for lambda function

packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.vpc-lambda.ts

@@ -1,6 +1,7 @@
 import * as ec2 from 'aws-cdk-lib/aws-ec2';
 import * as cdk from 'aws-cdk-lib';
 import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as integ from '@aws-cdk/integ-tests-alpha';
 
 const app = new cdk.App();
 
@@ -14,4 +15,14 @@ new lambda.Function(stack, 'MyLambda', {
   vpc,
 });
 
-app.synth();
+new lambda.Function(stack, 'IPv6EnabledLambda', {
+  vpc,
+  code: new lambda.InlineCode('def main(event, context): pass'),
+  handler: 'index.main',
+  runtime: lambda.Runtime.PYTHON_3_9,
+  ipv6AllowedForDualStack: true,
+});
+
+new integ.IntegTest(app, 'VpcLambdaTest', {
+  testCases: [stack],
+});

packages/aws-cdk-lib/aws-lambda/lib/function.ts

@@ -264,6 +264,13 @@ export interface FunctionOptions extends EventInvokeConfigOptions {
    */
   readonly allowAllOutbound?: boolean;
 
+  /**
+   * Indicates whether IPv6 protocols will be allowed for dual stack subnets.
+   *
+   * @default false
+   */
+  readonly ipv6AllowedForDualStack?: boolean;
+
   /**
    * Enabled DLQ. If `deadLetterQueue` is undefined,
    * an SQS queue with default options will be defined for your Function.
@@ -1377,6 +1384,9 @@ Environment variables can be marked for removal when used in Lambda@Edge by sett
       if (props.vpcSubnets) {
         throw new Error('Cannot configure \'vpcSubnets\' without configuring a VPC');
       }
+      if (props.ipv6AllowedForDualStack) {
+        throw new Error('Cannot configure \'ipv6AllowedForDualStack\' without configuring a VPC');
+      }
       return undefined;
     }
 
@@ -1419,6 +1429,9 @@ Environment variables can be marked for removal when used in Lambda@Edge by sett
           'If you are aware of this limitation and would still like to place the function in a public subnet, set `allowPublicSubnet` to true');
       }
     }
+
+    const ipv6AllowedForDualStack = props.ipv6AllowedForDualStack ?? false;
+
     this.node.addDependency(selectedSubnets.internetConnectivityEstablished);
 
     // List can't be empty here, if we got this far you intended to put your Lambda
@@ -1428,6 +1441,7 @@ Environment variables can be marked for removal when used in Lambda@Edge by sett
     return {
       subnetIds: selectedSubnets.subnetIds,
       securityGroupIds: securityGroups.map(sg => sg.securityGroupId),
+      ipv6AllowedForDualStack,
     };
   }
 

packages/aws-cdk-lib/aws-lambda/test/vpc-lambda.test.ts

@@ -334,10 +334,48 @@ describe('lambda + vpc', () => {
         code: new lambda.InlineCode('foo'),
         handler: 'index.handler',
         runtime: lambda.Runtime.NODEJS_LATEST,
-        vpcSubnets: { subnetType: ec2.SubnetType.PRIVATE },
+        vpcSubnets: { subnetType: ec2.SubnetType.PRIVATE_ISOLATED },
       });
     }).toThrow('Cannot configure \'vpcSubnets\' without configuring a VPC');
   });
+
+  test('specifying ipv6AllowedForDualStack without a vpc throws an Error', () => {
+    // GIVEN
+    const stack = new cdk.Stack();
+
+    // WHEN
+    expect(() => new lambda.Function(stack, 'MyLambda', {
+      code: new lambda.InlineCode('foo'),
+      handler: 'index.handler',
+      runtime: lambda.Runtime.NODEJS_LATEST,
+      ipv6AllowedForDualStack: true,
+    })).toThrow(/Cannot configure 'ipv6AllowedForDualStack' without configuring a VPC/);
+  });
+
+  test('can specify ipv6AllowedForDualStack for Lambda', () => {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const vpc = new ec2.Vpc(stack, 'Vpc', {
+      maxAzs: 3,
+      natGateways: 1,
+    });
+
+    // WHEN
+    new lambda.Function(stack, 'MyLambda', {
+      vpc,
+      code: new lambda.InlineCode('foo'),
+      handler: 'index.handler',
+      runtime: lambda.Runtime.NODEJS_LATEST,
+      ipv6AllowedForDualStack: true,
+    });
+
+    // THEN
+    Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', {
+      VpcConfig: {
+        Ipv6AllowedForDualStack: true,
+      },
+    });
+  });
 });
 
 class SomethingConnectable implements ec2.IConnectable {