Rule: Lambda functions should be in a VPC

Ensure Lambda functions are configured within a VPC for enhanced security and control.

Rule: Lambda functions should be in a VPC
Framework: NIST 800-171 Revision 2
Severity: Low

Rule Description:

According to NIST 800-171 Revision 2, Lambda functions should be configured within a Virtual Private Cloud (VPC). A VPC helps to isolate and secure the Lambda functions from unauthorized access and potential security breaches.

Troubleshooting:

Lambda functions that are not configured within a VPC may be exposed to the public internet, increasing the risk of unauthorized access and potential security vulnerabilities. By following the recommended policy, the Lambda functions will be protected within the VPC infrastructure.

Code:

To configure a Lambda function within a VPC, you need to use the AWS Lambda service and modify the function's network settings. Below is an example of how to configure a Lambda function within a VPC using the AWS CLI:

aws lambda update-function-configuration \
    --function-name <lambda_function_name> \
    --vpc-config SubnetIds=<subnet_id>,SecurityGroupIds=<security_group_id>

Replace <lambda_function_name> with the name of your Lambda function. Replace <subnet_id> with the ID of the subnet in your VPC. Replace <security_group_id> with the ID of the security group that should be associated with the Lambda function.

Step-by-Step Guide for Remediation:

  1. Identify the Lambda function:

    • Log in to the AWS Management Console.
    • Navigate to the Lambda service.
    • Locate the Lambda function that needs to be configured within a VPC.

  2. Determine the VPC details:

    • Identify the subnet and security group that you want to associate with the Lambda function within the VPC.

  3. Configure the Lambda function within a VPC using the AWS CLI:

    • Open the AWS CLI or the AWS CLI tool of your choice.

  4. Update the function configuration:

    • Use the following command to update the function configuration with the VPC details:

      aws lambda update-function-configuration --function-name <lambda_function_name> --vpc-config SubnetIds=<subnet_id>,SecurityGroupIds=<security_group_id>

      Replace <lambda_function_name> with the actual name of your Lambda function. Replace <subnet_id> with the ID of the subnet in your VPC. Replace <security_group_id> with the ID of the security group associated with the Lambda function.

  5. Validate the configuration:

    • Check the updated configuration of the Lambda function within the AWS Management Console.
    • Ensure that the VPC and associated subnet and security group details are correctly configured.

  6. Test the Lambda function:

    • Execute a test invocation of the Lambda function to ensure that it operates properly within the VPC environment.

By following these steps, you can ensure that your Lambda function is configured within a VPC, adhering to the NIST 800-171 Revision 2 policy. This will help safeguard your Lambda functions and enhance the overall security of your infrastructure.
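Steps 1 and 5 above can be checked across a whole account instead of one function at a time in the console. The script below is an added example, not part of the original rule page: it reads the JSON printed by `aws lambda list-functions --output json` and separates functions with no VPC attachment from those that have one. The function names and IDs in the embedded sample are constructed, and the file name audit_vpc.py is an assumption.

```python
import json
import sys

# Constructed sample in the shape of `aws lambda list-functions --output json`;
# function names and IDs are made up for this example.
SAMPLE = json.loads("""
{"Functions": [
  {"FunctionName": "orders-api",
   "VpcConfig": {"VpcId": "vpc-0aaa1111", "SubnetIds": ["subnet-0aaa1111"],
                 "SecurityGroupIds": ["sg-0aaa1111"]}},
  {"FunctionName": "thumbnailer"},
  {"FunctionName": "legacy-report",
   "VpcConfig": {"VpcId": "", "SubnetIds": [], "SecurityGroupIds": []}}
]}
""")


def audit_vpc(list_functions_output):
    """Split functions into (outside_vpc, inside_vpc).

    outside_vpc: sorted names of functions with no VPC attachment.
    inside_vpc:  name -> VPC, subnet and security group IDs, for Step 5 review.
    """
    outside, inside = [], {}
    for fn in list_functions_output.get("Functions", []):
        # VpcConfig can be absent (function never attached to a VPC) or
        # present with an empty VpcId (function detached from one).
        vpc = fn.get("VpcConfig") or {}
        if vpc.get("VpcId"):
            inside[fn["FunctionName"]] = {
                "vpc": vpc["VpcId"],
                "subnets": sorted(vpc.get("SubnetIds", [])),
                "security_groups": sorted(vpc.get("SecurityGroupIds", [])),
            }
        else:
            outside.append(fn["FunctionName"])
    return sorted(outside), inside


if __name__ == "__main__":
    # Usage: aws lambda list-functions --output json > functions.json
    #        python audit_vpc.py functions.json   (no argument: use SAMPLE)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    outside, inside = audit_vpc(data)
    for name in outside:
        print(f"FAIL {name}: not configured within a VPC")
    for name, cfg in inside.items():
        print(f"PASS {name}: {cfg['vpc']} {cfg['subnets']} {cfg['security_groups']}")
    sys.exit(1 if outside else 0)
```

The non-zero exit status when any function fails lets the check gate a CI job or a scheduled compliance run.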
