Ensure all Lambda functions are configured within a VPC for improved security measures.
| Rule | Lambda functions should be in a VPC |
| Framework | NIST Cybersecurity Framework (CSF) v1.1 |
| Severity | ✔ Low |
Rule Description:
Lambda functions should be running inside a VPC in order to comply with the NIST Cybersecurity Framework (CSF) v1. The purpose of this rule is to enhance security by isolating Lambda functions from the public internet and providing them with controlled network access.
Troubleshooting Steps:
If Lambda functions are not configured to run inside a VPC, the following troubleshooting steps can be followed:
Step 1: Verify Lambda Function Configuration: Check the AWS Lambda configuration for the specific function in question.
Step 2: Verify VPC Configuration: Check the VPC configuration to ensure that it meets the requirements for Lambda functions.
Step 3: Verify Security Group Rules: Check the security group rules associated with the Lambda function and ensure they allow necessary inbound/outbound traffic.
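Step 1 can be run across a whole account rather than one function at a time. The following check is an added example, not part of the original rule text: it classifies function configurations shaped like the Lambda ListFunctions response and returns the subnet and security group IDs needed for Steps 2 and 3. The names `vpc_findings`, `audit_account` and `SAMPLE` are hypothetical, and the sample data is constructed.

```python
"""Audit Lambda functions against the "should be in a VPC" rule (added example)."""


def vpc_findings(functions):
    """Classify function configurations shaped like Lambda ListFunctions output.

    Returns {function name: finding}. A function is compliant only when its
    VpcConfig carries a non-empty VpcId.
    """
    findings = {}
    for fn in functions:
        # VpcConfig may be missing entirely, or present with an empty VpcId
        # and empty lists; both mean the function is not attached to a VPC.
        vpc = fn.get("VpcConfig") or {}
        findings[fn["FunctionName"]] = {
            "compliant": bool(vpc.get("VpcId")),
            "vpc_id": vpc.get("VpcId") or None,
            # Kept for the follow-up checks in Step 2 and Step 3.
            "subnet_ids": list(vpc.get("SubnetIds") or []),
            "security_group_ids": list(vpc.get("SecurityGroupIds") or []),
        }
    return findings


def audit_account(region_name=None):
    """Run the check on a live account (needs boto3 and lambda:ListFunctions)."""
    import boto3  # imported here so vpc_findings() works without boto3

    client = boto3.client("lambda", region_name=region_name)
    functions = []
    for page in client.get_paginator("list_functions").paginate():
        functions.extend(page["Functions"])
    return vpc_findings(functions)


# Constructed sample input (not real resources), one entry per case.
SAMPLE = [
    {"FunctionName": "in-vpc",
     "VpcConfig": {"VpcId": "vpc-0example",
                   "SubnetIds": ["subnet-12345", "subnet-67890"],
                   "SecurityGroupIds": ["sg-abcdef"]}},
    {"FunctionName": "never-attached"},
    {"FunctionName": "detached",
     "VpcConfig": {"VpcId": "", "SubnetIds": [], "SecurityGroupIds": []}},
]

if __name__ == "__main__":
    for name, finding in vpc_findings(SAMPLE).items():
        print(name, "OK" if finding["compliant"] else "NOT IN A VPC", finding)
```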
Necessary Code:
No specific code is required for this rule. However, the following code snippet may be useful for creating a Lambda function within a VPC:
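import boto3

# Contents of lambda_function.py, which is shipped inside the deployment package
def lambda_handler(event, context):
    # Define your Lambda function logic here
    pass

# Define the VPC configuration for the Lambda function
vpc_config = {
    'SubnetIds': ['subnet-12345', 'subnet-67890'],
    'SecurityGroupIds': ['sg-abcdef']
}

# Read the deployment package (placeholder path: a zip containing lambda_function.py)
with open('function.zip', 'rb') as f:
    zip_bytes = f.read()

# Create the Lambda function in the VPC
lambda_client = boto3.client('lambda')
response = lambda_client.create_function(
    FunctionName='my-lambda-function',
    Runtime='python3.8',
    # Placeholder ARN (account IDs are 12 digits). The role must also be allowed
    # to manage network interfaces, e.g. via AWSLambdaVPCAccessExecutionRole.
    Role='arn:aws:iam::123456789012:role/my-lambda-role',
    # Handler format is "<file name without .py>.<function name>"
    Handler='lambda_function.lambda_handler',
    # Code is a required parameter of create_function
    Code={'ZipFile': zip_bytes},
    VpcConfig=vpc_config
)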
Make sure to replace the subnet IDs, security group IDs, IAM role, and other relevant values with your own.
Step-by-Step Guide for Remediation:
To remediate the issue and ensure Lambda functions are running within a VPC, follow these step-by-step instructions:
Step 1: Access the AWS Lambda Console:
Step 2: Select the Lambda Function:
Step 3: Configure VPC Settings:
Step 4: Select the VPC and Subnets:
Step 5: Configure Security Groups:
Step 6: Save the Configuration:
After following these steps, the Lambda function will be running within the specified VPC, ensuring compliance with the NIST Cybersecurity Framework (CSF) v1.