From 212f31a29b4fc6e580e48fae9f4c8fce3b5293c5 Mon Sep 17 00:00:00 2001
From: sakurai-ryo <sakurairyo.10do@gmail.com>
Date: Thu, 14 Dec 2023 23:45:57 +0900
Subject: [PATCH 1/2] chore(lambda): add docs for allowAllOutbound

---
 packages/aws-cdk-lib/aws-lambda/lib/function.ts | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/packages/aws-cdk-lib/aws-lambda/lib/function.ts b/packages/aws-cdk-lib/aws-lambda/lib/function.ts
index 356be758b9a7c..cc00935fb96d6 100644
--- a/packages/aws-cdk-lib/aws-lambda/lib/function.ts
+++ b/packages/aws-cdk-lib/aws-lambda/lib/function.ts
@@ -260,6 +260,8 @@ export interface FunctionOptions extends EventInvokeConfigOptions {
    * If set to false, you must individually add traffic rules to allow the
    * Lambda to connect to network targets.
    *
+   * Do not specify this property if the `securityGroups` or `securityGroup` property is set.
+   *
    * @default true
    */
   readonly allowAllOutbound?: boolean;

From d9475c48a9d9a697c8d8d6440237ae7390432cd6 Mon Sep 17 00:00:00 2001
From: Kaizen Conroy <36202692+kaizencc@users.noreply.github.com>
Date: Thu, 14 Dec 2023 16:12:42 -0700
Subject: [PATCH 2/2] Update packages/aws-cdk-lib/aws-lambda/lib/function.ts

---
 packages/aws-cdk-lib/aws-lambda/lib/function.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/aws-cdk-lib/aws-lambda/lib/function.ts b/packages/aws-cdk-lib/aws-lambda/lib/function.ts
index cc00935fb96d6..2a7d151a23c8e 100644
--- a/packages/aws-cdk-lib/aws-lambda/lib/function.ts
+++ b/packages/aws-cdk-lib/aws-lambda/lib/function.ts
@@ -261,6 +261,7 @@ export interface FunctionOptions extends EventInvokeConfigOptions {
    * Lambda to connect to network targets.
    *
    * Do not specify this property if the `securityGroups` or `securityGroup` property is set.
+   * Instead, configure `allowAllOutbound` directly on the security group.
    *
    * @default true
    */