This rule ensures that Lambda functions do not have public access, reducing security risks.
Rule | Lambda functions should restrict public access |
Framework | HIPAA |
Severity | ✔ Critical |
Rule Description:
Lambda functions in the AWS environment should have restricted public access to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA). This policy aims to protect the confidentiality, integrity, and availability of sensitive health-related information stored and processed within Lambda functions.
Troubleshooting Steps (if applicable):
Necessary Codes (if applicable):
import boto3
def lambda_handler(event, context):
# Retrieve the current configuration of the Lambda function
client = boto3.client('lambda')
function_name = context.function_name
response = client.get_function_configuration(FunctionName=function_name)
# Modify the function's VPC configuration to restrict public access
response['VpcConfig']['SecurityGroupIds'] = ['sg-XXXXXXXX']
response['VpcConfig']['SubnetIds'] = ['subnet-XXXXXXXX']
# Update the Lambda function's configuration
response = client.update_function_configuration(
FunctionName=function_name,
VpcConfig=response['VpcConfig']
)
return {
'statusCode': 200,
'body': 'Lambda function public access has been restricted.'
}
import boto3
def lambda_handler(event, context):
# Retrieve the current configuration of the Lambda function
client = boto3.client('lambda')
function_name = context.function_name
response = client.get_function_configuration(FunctionName=function_name)
# Remove the function's VPC configuration to disable public access
response['VpcConfig'] = {}
# Update the Lambda function's configuration
response = client.update_function_configuration(
FunctionName=function_name,
VpcConfig=response['VpcConfig']
)
return {
'statusCode': 200,
'body': 'Lambda function public access has been removed.'
}
Step-by-Step Guide for Remediation:
Note: Consult with your organization's security and compliance teams to ensure the specific requirements of HIPAA compliance are met, as policies may vary depending on the context and regulations applicable to your organization.