Ensure all Lambda functions are properly configured within a VPC for improved security and network access control.
| Rule | Lambda functions should be in a VPC |
| Framework | RBI Cyber Security Framework |
| Severity | ✔ Low |
Rule Description
The rule states that all Lambda functions should be configured within a Virtual Private Cloud (VPC) as a measure to comply with the RBI (Reserve Bank of India) Cyber Security Framework. This is aimed at enhancing the security of Lambda functions by isolating them within a private network and providing controlled access to resources.
Troubleshooting Steps
If you encounter any issues while implementing this rule, you can follow these troubleshooting steps:
Necessary Codes
To implement this rule, use one of the following:
CloudFormation
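Resources:
  MyLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      # ... (remaining function properties elided)
      # Attach the function to the VPC through its subnets and security groups
      VpcConfig:
        SecurityGroupIds:
          - sg-xxxxxxxx
        SubnetIds:
          - subnet-xxxxxxxx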
AWS CLI
aws lambda update-function-configuration --function-name MyLambdaFunction --vpc-config SubnetIds=subnet-xxxxxxxx,SecurityGroupIds=sg-xxxxxxxx
Step-by-Step Guide for Remediation
To ensure compliance with the RBI Cyber Security Framework, follow these steps to configure your Lambda function within a VPC:
Identify VPC and Subnets: Determine the VPC and subnet(s) within which you want to deploy your Lambda function. Ensure that these subnets have appropriate routing configurations and are connected to the necessary resources (such as databases or other services).
Identify Security Group: Identify the security group that should be associated with your Lambda function. This security group controls inbound and outbound traffic for the function.
CloudFormation: Add the VpcConfig property under the Properties section of your Lambda function resource definition. Provide the appropriate SecurityGroupIds and SubnetIds values within this property.
AWS CLI:
aws lambda update-function-configuration --function-name MyLambdaFunction --vpc-config SubnetIds=YourSubnetId,SecurityGroupIds=YourSecurityGroupId
Replace MyLambdaFunction, YourSecurityGroupId, and YourSubnetId with your actual function name, security group ID, and subnet ID respectively.
Verify Function Execution: After updating the Lambda function's configuration to use the VPC, redeploy it if necessary. Confirm that the function executes as expected, while now being within the defined VPC boundaries.
By following these steps, you can successfully configure your Lambda function within a VPC, ensuring compliance with the RBI Cyber Security Framework.
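To check the rule across an account rather than one function at a time, the following added example (not part of the original page) audits JSON in the shape that `aws lambda list-functions` returns. The listing, function names and resource IDs are constructed for illustration, and the empty VpcConfig entry is an assumption about how a function detached from its VPC appears in that output.

```python
import json

# Constructed sample shaped like `aws lambda list-functions` output.
# Function names and resource IDs are made up for this example.
SAMPLE = json.loads("""
{
  "Functions": [
    {"FunctionName": "orders-api",
     "VpcConfig": {"SubnetIds": ["subnet-aaaa1111", "subnet-bbbb2222"],
                   "SecurityGroupIds": ["sg-cccc3333"],
                   "VpcId": "vpc-dddd4444"}},
    {"FunctionName": "thumbnailer"},
    {"FunctionName": "legacy-report",
     "VpcConfig": {"SubnetIds": [], "SecurityGroupIds": [], "VpcId": ""}}
  ]
}
""")

REQUIRED_KEYS = ("VpcId", "SubnetIds", "SecurityGroupIds")


def vpc_finding(function):
    """Return None if the function is attached to a VPC, else a reason string."""
    cfg = function.get("VpcConfig")
    if cfg is None:
        return "no VpcConfig"
    # Assumption: a detached function keeps a VpcConfig key whose values are
    # empty, so the presence of the key alone does not prove attachment.
    missing = [key for key in REQUIRED_KEYS if not cfg.get(key)]
    if missing:
        return "empty " + ", ".join(missing)
    return None


def audit(listing):
    """Map each non-compliant function name to the reason it fails the rule."""
    findings = {}
    for function in listing.get("Functions", []):
        reason = vpc_finding(function)
        if reason is not None:
            findings[function["FunctionName"]] = reason
    return findings


if __name__ == "__main__":
    for name, reason in sorted(audit(SAMPLE).items()):
        print(f"FAIL {name}: {reason}")
```

To run it against a real account, save the output of `aws lambda list-functions` to a file and pass the parsed JSON to `audit()`.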