This rule focuses on configuring Lambda functions with a dead-letter queue for enhanced operational efficiency.
Rule | Lambda functions should be configured with a dead-letter queue |
Framework | SOC 2 |
Severity | ✔ Medium |
Rule Description:
This rule requires that Lambda functions be configured with a dead-letter queue, as per the SOC 2 compliance standard. A dead-letter queue is a storage queue that receives messages from other queues when they cannot be delivered to the intended destination. It captures and stores failed Lambda function invocations, allowing for better monitoring and troubleshooting.
Troubleshooting Steps:
Verify if the Lambda function has been configured with a dead-letter queue.
Check if the dead-letter queue is properly configured and accessible by the Lambda function.
Ensure that the permissions are set correctly to allow the Lambda function to send messages to the dead-letter queue.
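The first and third checks above, as an added example that is not part of the original page: it audits function configurations in the shape returned by `aws lambda list-functions` and tests whether each execution role may write to the configured target (`sqs:SendMessage` for an SQS queue, `sns:Publish` for an SNS topic). The function names, account ID and policy documents are constructed sample data, and one merged policy document per role is an assumption of the example.

```python
from fnmatch import fnmatchcase

# Action the execution role needs, keyed by the service field of the DLQ target ARN.
REQUIRED_ACTION = {"sqs": "sqs:SendMessage", "sns": "sns:Publish"}

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return list(value) if isinstance(value, list) else [value] if value else []

def role_allows(policy, action, resource_arn):
    """Simplified check: Deny, Condition, NotAction and NotResource are not evaluated."""
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action"))]  # actions are case-insensitive
        if any(fnmatchcase(action.lower(), a) for a in actions) and \
           any(fnmatchcase(resource_arn, r) for r in as_list(stmt.get("Resource"))):
            return True
    return False

def audit(functions, role_policies):
    """Return {function name: finding} for each function that fails the rule."""
    findings = {}
    for fn in functions:
        target = (fn.get("DeadLetterConfig") or {}).get("TargetArn")
        if not target:
            findings[fn["FunctionName"]] = "no dead-letter queue configured"
            continue
        parts = target.split(":")
        action = REQUIRED_ACTION.get(parts[2] if len(parts) > 2 else "")
        if action is None:
            findings[fn["FunctionName"]] = "DLQ target is not an SQS queue or SNS topic"
        elif not role_allows(role_policies.get(fn["Role"], {}), action, target):
            findings[fn["FunctionName"]] = f"execution role lacks {action} on {target}"
    return findings

# Constructed sample data: function configurations, then one policy document per role ARN.
ACCT = "111122223333"
SAMPLE_FUNCTIONS = [
    {"FunctionName": "orders-worker", "Role": f"arn:aws:iam::{ACCT}:role/orders",
     "DeadLetterConfig": {"TargetArn": f"arn:aws:sqs:us-east-1:{ACCT}:orders-dlq"}},
    {"FunctionName": "billing-export", "Role": f"arn:aws:iam::{ACCT}:role/billing"},
    {"FunctionName": "audit-fanout", "Role": f"arn:aws:iam::{ACCT}:role/audit",
     "DeadLetterConfig": {"TargetArn": f"arn:aws:sns:us-east-1:{ACCT}:audit-dlq"}},
]
SAMPLE_POLICIES = {
    f"arn:aws:iam::{ACCT}:role/orders": {"Statement": [{"Effect": "Allow",
        "Action": "sqs:SendMessage", "Resource": f"arn:aws:sqs:us-east-1:{ACCT}:orders-dlq"}]},
    f"arn:aws:iam::{ACCT}:role/audit": {"Statement": {"Effect": "Allow",
        "Action": ["sqs:*"], "Resource": "*"}},
}
```

Calling `audit(SAMPLE_FUNCTIONS, SAMPLE_POLICIES)` flags `billing-export` (no queue) and `audit-fanout` (SNS target, but the role only allows SQS actions).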
Necessary Codes:
To configure a dead-letter queue for a Lambda function, use the following AWS CLI command:
aws lambda update-function-configuration --function-name <function-name> --dead-letter-config TargetArn=<dead-letter-queue-arn>
Replace <function-name> with the name of the Lambda function and <dead-letter-queue-arn> with the ARN (Amazon Resource Name) of the dead-letter queue.
Step-by-Step Guide for Remediation:
Identify the Lambda function that needs to be configured with a dead-letter queue.
Open the AWS Management Console and navigate to the AWS Lambda service.
In the Lambda console, search for the desired Lambda function by name or other relevant filters.
Select the Lambda function to open its configuration details.
Scroll down to the "Dead letter queue" section in the configuration page.
Click on the "Configure" button to configure the dead-letter queue.
In the "Configure dead-letter queue" pop-up window, select the desired dead-letter queue from the drop-down menu or create a new dead-letter queue if required.
Once the dead-letter queue is selected, click on the "Save" button to save the configuration.
Verify if the dead-letter queue configuration is reflected in the Lambda function's details page.
Test the Lambda function to ensure that failed invocations are captured and sent to the dead-letter queue for further analysis.
Following these steps will ensure that the Lambda function is configured with a dead-letter queue, meeting the requirements of the SOC 2 compliance standard.