
Rule: Lambda functions should be in a VPC

Ensure all Lambda functions are configured within a VPC for improved security measures.

Rule: Lambda functions should be in a VPC
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: Low

Rule Description:

Lambda functions should be running inside a VPC in order to comply with the NIST Cybersecurity Framework (CSF) v1. The purpose of this rule is to enhance security by isolating Lambda functions from the public internet and providing them with controlled network access.

Troubleshooting Steps:

If Lambda functions are not configured to run inside a VPC, the following troubleshooting steps can be followed:

Step 1: Verify Lambda Function Configuration: Check the AWS Lambda configuration for the specific function in question.

  • Open the AWS Lambda console.
  • Select the Lambda function in question.
  • Under the "General configuration" tab, ensure that the VPC field is properly configured.

Step 2: Verify VPC Configuration: Check the VPC configuration to ensure that it meets the requirements for Lambda functions.

  • Open the Amazon VPC console.
  • Select the VPC used for Lambda functions.
  • Ensure that the VPC has the necessary subnets and route tables required for Lambda function connectivity.

Step 3: Verify Security Group Rules: Check the security group rules associated with the Lambda function and ensure they allow necessary inbound/outbound traffic.

  • Open the Amazon VPC console.
  • Select the security group(s) associated with the Lambda function.
  • Review the inbound and outbound rules to ensure they align with the networking requirements of the Lambda function.

Necessary Codes:

No specific codes are required for this rule. However, the following code snippet may be useful for creating a Lambda function within a VPC:

import io
import zipfile

import boto3

# The handler code must be shipped as a deployment package: create_function
# requires a Code parameter, and Handler is given as "module.function".
HANDLER_SOURCE = """
def lambda_handler(event, context):
    # Define your Lambda function logic here
    return {"statusCode": 200}
"""

def build_deployment_package():
    # Zip the handler in memory as lambda_function.py so Handler can reference it
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("lambda_function.py", HANDLER_SOURCE)
    return buffer.getvalue()

# Define the VPC configuration for the Lambda function
vpc_config = {
    'SubnetIds': ['subnet-12345', 'subnet-67890'],
    'SecurityGroupIds': ['sg-abcdef']
}

# Create the Lambda function in the VPC. The execution role must also be allowed
# to create/delete network interfaces (e.g. the AWSLambdaVPCAccessExecutionRole
# managed policy), otherwise attaching the function to the VPC fails.
lambda_client = boto3.client('lambda')
response = lambda_client.create_function(
    FunctionName='my-lambda-function',
    Runtime='python3.8',
    Role='arn:aws:iam::1234567890:role/my-lambda-role',
    Handler='lambda_function.lambda_handler',
    Code={'ZipFile': build_deployment_package()},
    VpcConfig=vpc_config
)

Make sure to replace the subnet IDs, security group IDs, IAM role, and other relevant values with your own.
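To check existing functions against this rule across an account, the following audit script is an added example (not part of the original rule page or CloudDefense's tooling). It treats a function as compliant only if it is attached to at least one subnet, because a function that was detached from a VPC can still return a VpcConfig block with empty lists; the sample function entries are constructed, and the "--live" flag and helper names are assumptions of this example.

```python
"""Audit Lambda functions for VPC attachment (added example, not the page's own code)."""


def is_in_vpc(function_config):
    """True only if the function is attached to at least one subnet.

    After a function is removed from a VPC, list_functions can still return
    VpcConfig with empty SubnetIds/SecurityGroupIds, so the presence of the
    key alone does not prove the function runs inside a VPC.
    """
    vpc = function_config.get("VpcConfig") or {}
    return bool(vpc.get("SubnetIds"))


def find_functions_without_vpc(function_configs):
    """Return the names of functions that violate the rule."""
    return [f["FunctionName"] for f in function_configs if not is_in_vpc(f)]


def list_all_functions(region_name=None):
    """Collect every function configuration in the region, following pagination."""
    import boto3  # imported here so the pure audit helpers stay usable offline

    client = boto3.client("lambda", region_name=region_name)
    configs = []
    for page in client.get_paginator("list_functions").paginate():
        configs.extend(page["Functions"])
    return configs


# Constructed sample resembling three list_functions() entries (not real resources).
SAMPLE_FUNCTIONS = [
    {"FunctionName": "orders-api",
     "VpcConfig": {"SubnetIds": ["subnet-0aa1", "subnet-0bb2"],
                   "SecurityGroupIds": ["sg-0cc3"], "VpcId": "vpc-0dd4"}},
    {"FunctionName": "nightly-report",  # detached from its VPC: empty lists remain
     "VpcConfig": {"SubnetIds": [], "SecurityGroupIds": [], "VpcId": ""}},
    {"FunctionName": "legacy-cron"},  # never attached: no VpcConfig key at all
]

if __name__ == "__main__":
    import sys

    configs = list_all_functions() if "--live" in sys.argv else SAMPLE_FUNCTIONS
    for name in find_functions_without_vpc(configs):
        print(f"NON-COMPLIANT: {name} is not attached to a VPC")
```

Run without arguments to see the check against the constructed sample; run with "--live" (assumed flag) and valid AWS credentials to audit the current region.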

Step-by-Step Guide for Remediation:

To remediate the issue and ensure Lambda functions are running within a VPC, follow these step-by-step instructions:

Step 1: Access the AWS Lambda Console:

  • Open the AWS Management Console.
  • Navigate to the AWS Lambda service.

Step 2: Select the Lambda Function:

  • Identify the Lambda function that needs to be configured to run within a VPC.
  • Click on the Lambda function's name to access its configuration settings.

Step 3: Configure VPC Settings:

  • In the "General configuration" tab, locate the "VPC" field.
  • Click on the "Edit" button next to the VPC field.

Step 4: Select the VPC and Subnets:

  • From the dropdown menu, choose the appropriate VPC where the Lambda function should run.
  • Select the desired subnets within the chosen VPC.

Step 5: Configure Security Groups:

  • Optionally, configure the necessary security groups for the Lambda function.
  • Select the appropriate security groups or create new ones if needed.

Step 6: Save the Configuration:

  • Click on the "Save" button to apply the VPC configuration changes.

After following these steps, the Lambda function will be running within the specified VPC, ensuring compliance with the NIST Cybersecurity Framework (CSF) v1.
