Ensure VPC access is enabled for AWS Lambda Functions

MEDIUM

Description

AWS Lambda functions are not configured to access resources in a Virtual Private Cloud (VPC), which may lead to public exposure of private data.

Remediation

In AWS Console -

  1. Sign in to AWS Console and go to the Functions page on the Lambda console.
  2. Select a function.
  3. Select Configuration and then choose VPC.
  4. Select Edit.
  5. Select VPC, subnets, and security groups.
  6. Click Save.

In Terraform -

  1. In the aws_lambda_function resource, set the vpc_config.security_group_ids field to the appropriate value for the VPC(s).
  2. Set the vpc_config.subnet_ids to the appropriate value for the VPC subnet(s).
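
The two Terraform steps above, shown as an added example (not taken from the policy page or from the Terraform provider docs): a function without `vpc_config`, which this rule flags, next to the same function attached to private subnets and a security group. All resource names, the IAM role and the subnet/security group references are placeholders.

```hcl
# Added example, not part of the original page. Names and references
# (aws_iam_role.lambda_exec, aws_subnet.private_*, aws_security_group.lambda)
# are placeholders for resources defined elsewhere in the configuration.

# Non-compliant: no vpc_config block, so the function runs outside any VPC
# and cannot be constrained by VPC subnets or security groups.
resource "aws_lambda_function" "noncompliant" {
  function_name = "example-no-vpc"
  role          = aws_iam_role.lambda_exec.arn
  handler       = "index.handler"
  runtime       = "python3.12"
  filename      = "function.zip"
}

# Compliant: vpc_config sets both fields the rule checks,
# vpc_config.subnet_ids and vpc_config.security_group_ids.
resource "aws_lambda_function" "compliant" {
  function_name = "example-in-vpc"
  role          = aws_iam_role.lambda_exec.arn
  handler       = "index.handler"
  runtime       = "python3.12"
  filename      = "function.zip"

  vpc_config {
    subnet_ids         = [aws_subnet.private_a.id, aws_subnet.private_b.id]
    security_group_ids = [aws_security_group.lambda.id]
  }
}

# A VPC-attached function needs permission to manage its elastic network
# interfaces; the AWS managed policy AWSLambdaVPCAccessExecutionRole grants it.
resource "aws_iam_role_policy_attachment" "lambda_vpc_access" {
  role       = aws_iam_role.lambda_exec.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
}
```

Once attached to a VPC the function no longer has default internet egress, so any outbound calls it makes need a NAT gateway or VPC endpoints in those subnets.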

References:
https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function#vpc_config

Policy Details

Rule Reference ID: AC_AWS_0164
CSP: AWS
Remediation Available: Yes
Resource Category: Serverless
Resource Type: Lambda

Frameworks