Ensure Lambda functions are attached to a VPC so that their network traffic is subject to the subnet routing, security groups, and network ACLs you control.
Rule | Lambda functions should be in a VPC
Framework | NIST 800-171 Revision 2
Severity | Low
Rule Description:
NIST 800-171 Revision 2 does not name AWS services; it requires that communications at external and key internal system boundaries be monitored and controlled and that system components be logically separated. This rule maps that requirement onto Lambda. A function that is not attached to a VPC runs in the Lambda-managed network with unrestricted internet egress and no customer-managed security groups, so its traffic cannot be constrained or inspected by your network controls. Deploying the function in a VPC places its network interfaces in subnets you own, so security groups, network ACLs, and route tables decide what it can reach and where it can send data.
Troubleshooting Steps:
A Lambda function that runs outside a VPC can send data to any internet destination, and you cannot apply security groups or routing restrictions to it, so sensitive data it handles has an uncontrolled exit path. Follow the steps below to find and fix affected functions:
1. Identify the Lambda functions: list the functions in each account and region under review (for example with aws lambda list-functions).
2. Check whether each function is configured within a VPC: inspect its VpcConfig; empty SubnetIds and SecurityGroupIds lists (or no VpcConfig at all) mean the function is not attached.
3. Create a new VPC, private subnets, and a security group if no suitable ones exist. Use subnets in at least two Availability Zones and a security group whose egress rules allow only what the function needs.
4. Update the Lambda function configuration to reference those subnets and the security group. The function's execution role must first be allowed to create, describe, and delete network interfaces (the AWS-managed policy AWSLambdaVPCAccessExecutionRole grants this).
5. Review and test: confirm the configuration change took effect, then invoke the function to verify it still reaches its dependencies. A VPC-attached function has no internet access unless its subnets route through a NAT gateway or the services it calls are reachable through VPC endpoints.
Necessary Code:
Associating a Lambda function with a VPC does not require changes to the function's code. It is a configuration change made in the AWS Management Console, through AWS CLI commands, or in the infrastructure-as-code template that defines the function.
CLI Command for Remediation:
If you prefer the AWS CLI, follow these steps:
1. Retrieve the Lambda function's current configuration and look at the VpcConfig block under Configuration. A function outside a VPC shows empty SubnetIds and SecurityGroupIds lists and an empty VpcId:
aws lambda get-function --function-name <function-name>
2. Update the function configuration to associate it with your subnets and security group. The execution role must already be permitted to manage network interfaces, or the update fails:
aws lambda update-function-configuration --function-name <function-name> --vpc-config SubnetIds=<subnet-ids>,SecurityGroupIds=<security-group-ids>
The update is asynchronous: the function's LastUpdateStatus stays InProgress while Lambda creates the network interfaces. Wait for it to finish before testing:
aws lambda wait function-updated --function-name <function-name>
Note: Replace <function-name>, <subnet-ids>, and <security-group-ids> with your own values; the subnet and security-group IDs are comma-separated lists. Verify the updated configuration by running step 1 again and confirming that VpcConfig now lists the specified subnets, security groups, and the VpcId they belong to. Then invoke the function once to confirm it still reaches its dependencies, since attaching it to a VPC removes the default internet egress.
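The check-and-remediate procedure above, as an added example that is not part of the original page: a Python script that reads the JSON produced by aws lambda list-functions, flags every function with no VPC attachment, and builds the matching update-function-configuration command. The function names, subnet IDs, security-group IDs, and VPC ID below are constructed for the demo; the JSON shape follows the Lambda API's FunctionConfiguration object, which omits VpcConfig or returns it with empty lists when a function is outside a VPC.

```python
"""Audit Lambda functions for VPC attachment from `aws lambda list-functions` output.

Live usage:  aws lambda list-functions --output json | python3 audit_lambda_vpc.py
Demo usage:  python3 audit_lambda_vpc.py      (runs against the constructed sample below)
Exit status is 1 when any function is not attached to a VPC, so it can gate a pipeline.
"""
import json
import sys

# Constructed sample shaped like `aws lambda list-functions` output (not real account data).
# A function outside a VPC either omits VpcConfig or carries one with empty lists and VpcId "".
SAMPLE_LIST_FUNCTIONS = {
    "Functions": [
        {
            "FunctionName": "orders-api",
            "Runtime": "python3.12",
            "VpcConfig": {
                "SubnetIds": ["subnet-0a1b2c3d4e5f60001", "subnet-0a1b2c3d4e5f60002"],
                "SecurityGroupIds": ["sg-0123456789abcdef0"],
                "VpcId": "vpc-0fedcba9876543210",
            },
        },
        {
            "FunctionName": "report-mailer",
            "Runtime": "nodejs20.x",
            "VpcConfig": {"SubnetIds": [], "SecurityGroupIds": [], "VpcId": ""},
        },
        {
            "FunctionName": "legacy-cron",
            "Runtime": "python3.9",
            # No VpcConfig key at all: functions that were never configured look like this.
        },
    ]
}


def is_in_vpc(function_config: dict) -> bool:
    """True only when at least one subnet and one security group are attached.

    Both lists are checked because Lambda rejects a VpcConfig with subnets but no
    security group, so a valid attachment always has both."""
    vpc = function_config.get("VpcConfig") or {}
    return bool(vpc.get("SubnetIds")) and bool(vpc.get("SecurityGroupIds"))


def find_non_vpc_functions(list_output: dict) -> list[str]:
    """Names of functions in `list-functions` output that are not attached to a VPC."""
    return [f["FunctionName"] for f in list_output.get("Functions", []) if not is_in_vpc(f)]


def remediation_command(function_name: str, subnet_ids: list[str], sg_ids: list[str]) -> str:
    """Build the `update-function-configuration` call for one function.

    At least one subnet and one security group are mandatory for the API call;
    AWS recommends subnets in two or more Availability Zones for availability."""
    if not subnet_ids:
        raise ValueError("provide at least one subnet ID (two AZs recommended)")
    if not sg_ids:
        raise ValueError("provide at least one security group ID")
    return (
        f"aws lambda update-function-configuration --function-name {function_name} "
        f"--vpc-config SubnetIds={','.join(subnet_ids)},SecurityGroupIds={','.join(sg_ids)}"
    )


def main() -> int:
    # Read real CLI output from a pipe; fall back to the constructed sample when run interactively.
    data = SAMPLE_LIST_FUNCTIONS if sys.stdin.isatty() else json.load(sys.stdin)
    offenders = find_non_vpc_functions(data)
    for name in offenders:
        print(f"NON-COMPLIANT: {name} is not attached to a VPC")
    if offenders:
        # Assumed placeholder IDs; substitute the private subnets and security group you created.
        print("Example remediation for the first finding (placeholder IDs):")
        print(remediation_command(offenders[0], ["subnet-aaaa", "subnet-bbbb"], ["sg-cccc"]))
    return 1 if offenders else 0


if __name__ == "__main__":
    sys.exit(main())
```

The audit only tells you whether a function is attached; it cannot tell you whether the attached security group is permissive or whether the subnets route to a NAT gateway. Check those separately with aws ec2 describe-security-groups and describe-route-tables before treating a function as compliant.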
By following these steps, your Lambda functions run inside a VPC where subnet routing, security groups, and network ACLs govern what they can reach, which supports the boundary-protection and network-isolation requirements of NIST 800-171 Revision 2 and removes the uncontrolled internet egress that a non-VPC function has by default.