Rule: Lambda Functions in a VPC
Ensure lambda functions are set up within a VPC for enhanced security and control.
| Rule | Lambda functions should be in a VPC |
| Framework | GxP 21 CFR Part 11 |
| Severity | ✔ Low |
Rule/Policy Description: Lambda functions should be in a VPC for GxP 21 CFR Part 11 compliance.
Lambda functions, which are serverless functions offered by AWS, should be deployed within a Virtual Private Cloud (VPC) for organizations operating under GxP (Good Practice) guidelines and compliance with 21 CFR Part 11 regulations. This ensures enhanced security and control over data handling and processing within the lambda function environment.
Troubleshooting Steps (if applicable):
- 1.Ensure that the lambda function is not already deployed outside a VPC.
- 2.Verify that the VPC configuration meets the GxP and 21 CFR Part 11 compliance requirements.
- 3.Check the appropriate network permissions and security group settings for the lambda function within the VPC.
Necessary Codes (if applicable):
No specific codes are required for this rule. However, here is an example of how to create a lambda function within a VPC using AWS SDK for Node.js:
const AWS = require('aws-sdk');
const lambda = new AWS.Lambda();
const params = {
Code: { /* Lambda function code */ },
FunctionName: 'myLambdaFunction',
Handler: 'index.handler',
Role: 'arn:aws:iam::123456789012:role/lambda-role',
Runtime: 'nodejs14.x',
VpcConfig: {
SubnetIds: ['subnet-12345678', 'subnet-98765432'],
SecurityGroupIds: ['sg-12345678']
}
};
lambda.createFunction(params, function(err, data) {
if (err) console.log(err, err.stack);
else console.log(data);
});
Make sure to replace the subnet and security group IDs with the appropriate values from your VPC.
Step-by-Step Guide for Remediation:
- 1.Step 1: Log in to the AWS Management Console.
- 2.Step 2: Open the Lambda service.
- 3.Step 3: Click on "Create function" to create a new lambda function.
- 4.Step 4: Fill in the required details such as function name, runtime, and handler.
- 5.Step 5: Under "Execution role", select an appropriate IAM role that allows lambda function execution.
- 6.Step 6: Scroll down to the "Network" section and select "Edit" to configure the VPC settings.
- 7.Step 7: Choose the desired subnets and security groups that comply with GxP and 21 CFR Part 11 regulations.
- 8.Step 8: Review other settings and click on "Create function" to deploy the lambda function within the VPC.
- 9.Step 9: Test the lambda function to ensure it works properly within the VPC.
- 10.Step 10: Regularly monitor and evaluate the lambda function and VPC setup to comply with any required updates for GxP and 21 CFR Part 11.
Note: It is recommended to consult with compliance and security experts familiar with GxP and 21 CFR Part 11 requirements to ensure proper configuration and adherence to regulations.