Ensure that your Amazon Lambda functions have access to VPC-only resources such as AWS Redshift data warehouses, AWS ElastiCache clusters, AWS RDS database instances, and service endpoints that are only accessible from within a particular Virtual Private Cloud (VPC).
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Based on your application requirements, you can configure your AWS Lambda function to be associated with the appropriate Virtual Private Cloud. For example, to access resources inside a private VPC, you must provide additional VPC-specific configuration information that includes the VPC subnet IDs and security group IDs. The AWS Lambda service uses this configuration information to set up Elastic Network Interfaces (ENIs) that enable your function to connect securely to other resources available within your private VPC.
Audit
To determine if your AWS Lambda functions are associated with VPCs, perform the following actions:
Remediation / Resolution
To associate an existing AWS Lambda function with a Virtual Private Cloud, you have to update the function's network configuration. To do that, select one of your VPCs and identify the relevant subnets and security groups. The AWS Lambda service uses this information to set up Elastic Network Interfaces (ENIs) and private IP addresses (taken from the subnet(s) that you specified) so that your function has access to the AWS resources within the selected VPC. To update the network configuration for your Lambda functions, perform the following:
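The audit and remediation described above can both be driven from the output of the `aws lambda list-functions` command listed in the references: a function is VPC-attached only when its VpcConfig carries a VpcId and at least one subnet. The following script is an added example, not part of the Cloud Conformity rule or the AWS documentation; the function names, account ID, subnet, security group and VPC IDs are constructed sample values, and the script works on a saved JSON document rather than calling AWS, so it runs offline.

```python
import json
import shlex

# Constructed sample in the shape `aws lambda list-functions` returns, trimmed to the
# fields the check needs. One function is VPC-attached, one has an empty VpcConfig,
# and one has no VpcConfig key at all (both of the latter run outside any VPC).
SAMPLE_LIST_FUNCTIONS = json.dumps({
    "Functions": [
        {
            "FunctionName": "orders-api",
            "FunctionArn": "arn:aws:lambda:us-east-1:111122223333:function:orders-api",
            "VpcConfig": {
                "SubnetIds": ["subnet-0a1b2c3d", "subnet-4e5f6a7b"],
                "SecurityGroupIds": ["sg-0123abcd"],
                "VpcId": "vpc-0f0e0d0c",
            },
        },
        {
            "FunctionName": "nightly-report",
            "FunctionArn": "arn:aws:lambda:us-east-1:111122223333:function:nightly-report",
            "VpcConfig": {"SubnetIds": [], "SecurityGroupIds": [], "VpcId": ""},
        },
        {
            "FunctionName": "image-resize",
            "FunctionArn": "arn:aws:lambda:us-east-1:111122223333:function:image-resize",
        },
    ]
})


def is_vpc_attached(function_config):
    """True when the function has a VPC configuration with a VpcId and at least one subnet.

    Lambda reports a function that was never attached to a VPC either with no VpcConfig
    key or with an empty VpcConfig (empty lists, empty VpcId); both mean the function
    runs in the Lambda-managed network and cannot reach VPC-only resources.
    """
    vpc = function_config.get("VpcConfig") or {}
    return bool(vpc.get("VpcId")) and bool(vpc.get("SubnetIds"))


def audit_vpc_access(list_functions_json):
    """Audit step: return the names of functions that are not associated with a VPC."""
    functions = json.loads(list_functions_json).get("Functions", [])
    return [f["FunctionName"] for f in functions if not is_vpc_attached(f)]


def remediation_command(function_name, subnet_ids, security_group_ids):
    """Remediation step: build the `aws lambda update-function-configuration` call
    that attaches the function to the given subnets and security groups."""
    if not subnet_ids or not security_group_ids:
        raise ValueError("at least one subnet ID and one security group ID are required")
    vpc_config = "SubnetIds={},SecurityGroupIds={}".format(
        ",".join(subnet_ids), ",".join(security_group_ids)
    )
    return " ".join([
        "aws", "lambda", "update-function-configuration",
        "--function-name", shlex.quote(function_name),
        "--vpc-config", shlex.quote(vpc_config),
    ])


if __name__ == "__main__":
    # In practice: aws lambda list-functions > functions.json, then load that file here.
    for name in audit_vpc_access(SAMPLE_LIST_FUNCTIONS):
        print("NOT VPC-ATTACHED:", name)
        # Subnet and security group IDs are constructed placeholders; use the ones
        # from the VPC that hosts the resources the function needs to reach.
        print("  remediate with:",
              remediation_command(name, ["subnet-0a1b2c3d", "subnet-4e5f6a7b"],
                                  ["sg-0123abcd"]))
```

Two practical points when applying the generated command: the function's execution role needs permission to create and delete the ENIs (the AWS managed policy AWSLambdaVPCAccessExecutionRole grants this), and a VPC-attached function no longer has default internet access, so subnets should route through a NAT gateway or VPC endpoints if the function also needs other AWS services.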
References
- AWS Documentation
  - AWS Lambda FAQs
  - Configuring AWS Lambda Functions
  - Configuring a Lambda Function to Access Resources in an Amazon VPC
- AWS Command Line Interface (CLI) Documentation
  - lambda
    - list-functions
    - get-function
    - update-function-configuration
VPC Access for AWS Lambda Functions
Risk level: Medium