Ensure Lambda functions are configured within a VPC for enhanced security and control.
Rule | Lambda functions should be in a VPC |
Framework | NIST 800-171 Revision 2 |
Severity | ✔ Low |
Rule Description:
According to NIST 800-171 Revision 2, Lambda functions should be configured within a Virtual Private Cloud (VPC). A VPC helps to isolate and secure the Lambda functions from unauthorized access and potential security breaches.
Troubleshooting:
If Lambda functions are not configured within a VPC, the functions may be exposed to the public internet, increasing the risk of unauthorized access and potential security vulnerabilities. By following the recommended policy, the Lambda functions will be protected within the VPC infrastructure.
Code:
To configure a Lambda function within a VPC, you need to use the AWS Lambda service and modify the function's network settings. Below is an example of how to configure a Lambda function within a VPC using the AWS CLI:
aws lambda update-function-configuration --function-name <lambda_function_name> --vpc-config SubnetIds=<subnet_id>,SecurityGroupIds=<security_group_id>
Replace <lambda_function_name> with the name of your Lambda function.
Replace <subnet_id> with the ID of the subnet in your VPC.
Replace <security_group_id> with the ID of the security group that should be associated with the Lambda function.
Step-by-Step Guide for Remediation:
Identify the Lambda function:
Determine the VPC details:
Configure the Lambda function within a VPC using the AWS CLI:
Update the function configuration:
aws lambda update-function-configuration --function-name <lambda_function_name> --vpc-config SubnetIds=<subnet_id>,SecurityGroupIds=<security_group_id>
Replace <lambda_function_name> with the actual name of your Lambda function.
Replace <subnet_id> with the ID of the subnet in your VPC.
Replace <security_group_id> with the ID of the security group associated with the Lambda function.
Validate the configuration:
Test the Lambda function:
By following these steps, you can ensure that your Lambda function is configured within a VPC, adhering to the NIST 800-171 Revision 2 policy. This will help safeguard your Lambda functions and enhance the overall security of your infrastructure.
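One way to run the identify and validate steps across a whole account, as an added example that is not part of the original page: it reads JSON shaped like the output of `aws lambda list-functions`, flags functions with no VPC attachment, and fills the function name into the page's remediation command. The helper names, function names and resource IDs in the sample are constructed for illustration.

```python
import json
import shlex

# Constructed sample in the shape of `aws lambda list-functions` output (not real data).
SAMPLE = json.dumps({"Functions": [
    {"FunctionName": "orders-api",
     "VpcConfig": {"VpcId": "vpc-0example",
                   "SubnetIds": ["subnet-0examplea", "subnet-0exampleb"],
                   "SecurityGroupIds": ["sg-0example"]}},
    # Never attached to a VPC: the VpcConfig key is missing entirely.
    {"FunctionName": "thumbnailer"},
    # Detached from a VPC: the key is present but every field is empty.
    {"FunctionName": "legacy-export",
     "VpcConfig": {"VpcId": "", "SubnetIds": [], "SecurityGroupIds": []}},
]})


def vpc_findings(list_functions_json):
    """Return {function_name: reason} for functions that violate the rule."""
    findings = {}
    for fn in json.loads(list_functions_json).get("Functions", []):
        vpc = fn.get("VpcConfig")
        if vpc is None:
            findings[fn["FunctionName"]] = "VpcConfig absent"
        elif not vpc.get("VpcId"):
            findings[fn["FunctionName"]] = "VpcConfig present but VpcId empty"
    return findings


def remediation_command(name):
    """The page's command with the function name filled in and shell-quoted.
    Subnet and security group placeholders are left for the operator."""
    return ("aws lambda update-function-configuration "
            f"--function-name {shlex.quote(name)} "
            "--vpc-config SubnetIds=<subnet_id>,SecurityGroupIds=<security_group_id>")


if __name__ == "__main__":
    # For live data, pipe `aws lambda list-functions --output json` into
    # vpc_findings() instead of using SAMPLE.
    for name, reason in vpc_findings(SAMPLE).items():
        print(f"{name}: {reason}")
        print("  " + remediation_command(name))
```

Running the same check again after the update confirms that the function no longer appears in the findings.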