
Rule: Lambda functions should be in a VPC

Ensure lambda functions are in a VPC for better security and isolation.

Rule: Lambda functions should be in a VPC
Framework: NIST 800-171 Revision 2
Severity: Low

Rule Description:

According to NIST 800-171 Revision 2, Lambda functions should be deployed within a Virtual Private Cloud (VPC) to ensure the security of sensitive data and protect against unauthorized access.

Troubleshooting Steps:

If Lambda functions are not configured within a VPC, it can pose a security risk by allowing potential exposure of sensitive data. Follow the steps below to troubleshoot and fix this issue:

  1. Identify the Lambda functions:

     • Review your AWS account and identify which Lambda functions are deployed.

  2. Check if Lambda functions are configured within a VPC:

     • Go to the AWS Management Console and access the Lambda service.
     • Select each Lambda function and navigate to the "Configuration" tab.
     • Look for the "VPC" section and check if a VPC is currently associated with the function.

  3. Update Lambda functions to use a VPC:

     • If the Lambda function is not using a VPC, note down the required VPC details like subnet(s), security group(s), etc.

  4. Create a new VPC (if necessary):

     • If there is no existing VPC suitable for Lambda functions, create a new VPC in the desired availability zone(s).
     • Assign appropriate subnets to the VPC, keeping security requirements in mind.
     • Configure Network Access Control Lists (NACLs) and security groups for the VPC.

  5. Update Lambda function configuration:

     • Go to the "Configuration" tab in the Lambda function settings.
     • In the "VPC" section, click on "Edit" and select the desired VPC and associated subnets.
     • If required, configure any additional settings like security groups and VPC endpoints.

  6. Review and test:

     • Double-check the updated configuration for the Lambda functions to ensure they are now associated with the specified VPC.
     • Execute a test run of the Lambda functions to ensure they are functioning correctly within the VPC.

Necessary Code:

When updating the Lambda function configuration to associate it with a VPC, there is no specific code required. It is a configuration change within the AWS Management Console or can be achieved through AWS CLI commands.

CLI Command for Remediation:

If you prefer using the AWS CLI to configure the Lambda function within a VPC, follow these steps:

  1. Retrieve the Lambda function details:

     aws lambda get-function --function-name <function-name>

  2. Update the Lambda function configuration to associate it with a VPC:

     aws lambda update-function-configuration --function-name <function-name> --vpc-config SubnetIds=<subnet-ids>,SecurityGroupIds=<security-group-ids>

     Note: Replace <function-name>, <subnet-ids>, and <security-group-ids> with appropriate values.

  3. Verify the updated configuration by executing step 1 again and confirming that the function is associated with the specified VPC.
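As an added example (not part of the original page or of Cloud Defense's tooling), the following Python script performs the check from steps 1 and 2 of the troubleshooting section across every function returned by `aws lambda list-functions`, and builds the remediation command from step 2 of the CLI section for each finding. The function names, VPC, subnet and security group ids, and the script filename are constructed for illustration.

```python
"""Audit `aws lambda list-functions` output for functions not attached to a VPC.

Assumed usage (constructed, not from the original page):
    aws lambda list-functions --output json | python3 lambda_vpc_audit.py
"""
import json
import sys

# Constructed sample of `aws lambda list-functions --output json` output, trimmed to
# the fields this check needs. AWS omits VpcConfig for functions that were never
# attached to a VPC and returns empty values for ones that were later detached.
SAMPLE_RESPONSE = {
    "Functions": [
        {"FunctionName": "orders-api",
         "VpcConfig": {"VpcId": "vpc-0000example", "SubnetIds": ["subnet-0a"],
                       "SecurityGroupIds": ["sg-0b"]}},
        {"FunctionName": "nightly-report"},
        {"FunctionName": "legacy-hook",
         "VpcConfig": {"VpcId": "", "SubnetIds": [], "SecurityGroupIds": []}},
    ]
}


def functions_outside_vpc(response):
    """Return the names of functions with no VPC attached (the rule's findings)."""
    findings = []
    for fn in response.get("Functions", []):
        vpc = fn.get("VpcConfig") or {}
        # Both "VpcConfig absent" and "VpcId empty" mean the function runs outside a VPC.
        if not vpc.get("VpcId"):
            findings.append(fn["FunctionName"])
    return findings


def remediation_command(function_name, subnet_ids, security_group_ids):
    """Build the page's update-function-configuration command as an argv list."""
    vpc_config = "SubnetIds=%s,SecurityGroupIds=%s" % (
        ",".join(subnet_ids), ",".join(security_group_ids))
    return ["aws", "lambda", "update-function-configuration",
            "--function-name", function_name, "--vpc-config", vpc_config]


if __name__ == "__main__":
    # Read real CLI output when piped in; otherwise fall back to the constructed sample.
    data = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_RESPONSE
    if data.get("NextMarker"):
        print("warning: paginated response, re-run with --marker for the rest", file=sys.stderr)
    for name in functions_outside_vpc(data):
        print("NOT IN VPC:", name)
```

Each reported name still needs the subnet and security group ids chosen in step 3 before `remediation_command` can be run against it.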

By following these steps, you will ensure that your Lambda functions comply with the NIST 800-171 Revision 2 requirement of being deployed within a VPC, thus enhancing the security and protection of sensitive data.
