Login

Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Rule: VPC Lambda Functions in Multiple Availability Zones

Ensure VPC Lambda functions operate in more than one Availability Zone for improved reliability.

RuleVPC Lambda functions should operate in more than one Availability Zone
FrameworkAWS Foundational Security Best Practices
Severity
Medium

Rule Description:

The VPC Lambda functions should be configured to operate in more than one Availability Zone (AZ) as recommended by AWS Foundational Security Best Practices. Operating in multiple AZs ensures high availability and fault tolerance for your Lambda functions, as it allows them to run in parallel across different physical infrastructure in case of failures or disruptions.

Troubleshooting Steps:

  2. 1.
    Check if your Lambda functions are configured to operate in only one Availability Zone.
  4. 2.
    Review the Lambda function's configuration settings and check if it is explicitly set to a specific Availability Zone.
  6. 3.
    Confirm if the function is not using any fixed IP addresses that are specific to a single Availability Zone.

Remediation:

To configure your VPC Lambda functions to operate in more than one Availability Zone, follow these step-by-step instructions:

  2. 1.
    Open the AWS Management Console and navigate to the Lambda service.
  4. 2.
    Select the appropriate Lambda function that needs to be configured.
  6. 3.
    Scroll down to the "Configuration" tab and click on it.
  8. 4.
    In the "Network settings" section, click on "Edit".
  10. 5.
    Under "VPC settings", ensure that you have selected a VPC for your Lambda function.
  12. 6.
    Review the "Subnets" section, which lists the subnets associated with the VPC. Make sure that there are at least two subnets from different Availability Zones selected or associated with your Lambda function.
  14. 7.
    If there is only one subnet listed, click on "Add subnet" and select an additional subnet from a different Availability Zone.
  16. 8.
    Once you have added multiple subnets from different Availability Zones, click on "Save".
  18. 9.
    Test your Lambda function to verify that it can operate successfully in multiple Availability Zones.

CLI Command:

To configure the VPC settings of your Lambda function to operate in more than one Availability Zone using AWS CLI, follow these steps:

  2. 1.
    Open the AWS CLI or a terminal with AWS CLI installed.
  4. 2.
    Run the following command to update your Lambda function's VPC settings:
aws lambda update-function-configuration --function-name <function-name> --vpc-config SubnetIds=<subnet-id-1>,<subnet-id-2>,... AvailabilityZone=us-west-2a,us-west-2b,...

Replace 

<function-name>
with the name of your Lambda function. Replace 
<subnet-id-1>,<subnet-id-2>
with the IDs of the additional subnets from different Availability Zones. Replace 
us-west-2a,us-west-2b
with the Availability Zones where the subnets are located.

  2. 1.
    Once the command is successfully executed, your Lambda function will be configured to operate in multiple Availability Zones in the specified VPC.

Note:

Make sure to follow AWS Best Practices for high availability and fault tolerance, and regularly review and update your Lambda functions' configurations to maintain optimal performance and reliability.

Is your System Free of Underlying Vulnerabilities?
Find Out Now