Ensure that your Amazon Lambda functions are configured to connect to private VPC subnets only, so that they have secure access to private VPC-based resources such as Amazon ElastiCache clusters and RDS database instances.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Amazon Lambda functions are typically configured with private VPC subnets when they need to securely access private resources within the VPC or require controlled outbound internet access via a NAT gateway. This setup enhances security and control, ensuring Lambda functions can interact with internal resources while minimizing exposure to the Internet.
Audit
To determine if your Amazon Lambda functions are configured to use private VPC subnets, perform the following actions:
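One way to automate this check, as an added example that is not part of the original page or the Conformity tool: the Python below classifies each subnet of a function as public or private from the JSON shapes returned by `aws lambda get-function` and `aws ec2 describe-route-tables`. The function names, the sample IDs, and the rule that any active route to an internet gateway makes a subnet public are assumptions of this example.

```python
# Added example. All IDs are constructed sample data, not from a real account.
# Shapes follow the JSON of `aws ec2 describe-route-tables` and `aws lambda get-function`.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-0main", "VpcId": "vpc-0example",
     "Associations": [{"Main": True}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "NatGatewayId": "nat-0example", "State": "active"}]},
    {"RouteTableId": "rtb-0public", "VpcId": "vpc-0example",
     "Associations": [{"Main": False, "SubnetId": "subnet-0pub"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "GatewayId": "igw-0example", "State": "active"}]},
]
FN_MIXED = {"Configuration": {"FunctionName": "orders-api", "VpcConfig": {
    "VpcId": "vpc-0example", "SubnetIds": ["subnet-0priva", "subnet-0pub"]}}}
FN_PRIVATE = {"Configuration": {"FunctionName": "cache-warmer", "VpcConfig": {
    "VpcId": "vpc-0example", "SubnetIds": ["subnet-0priva"]}}}
FN_NO_VPC = {"Configuration": {"FunctionName": "thumbnailer"}}

def route_table_for(subnet_id, vpc_id, route_tables):
    """Explicitly associated table if any, otherwise the VPC's main table."""
    main = None
    for rt in route_tables:
        if rt.get("VpcId") != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def is_public(rt):
    """Public means an active route whose target is an internet gateway."""
    return any((r.get("GatewayId") or "").startswith("igw-")
               and r.get("State", "active") == "active"
               for r in rt.get("Routes", []))

def public_subnets(function, route_tables):
    """Subnets of the function that are public; None if it is not in a VPC."""
    vpc = function["Configuration"].get("VpcConfig") or {}
    if not vpc.get("SubnetIds"):
        return None
    found = []
    for subnet_id in vpc["SubnetIds"]:
        rt = route_table_for(subnet_id, vpc.get("VpcId"), route_tables)
        if rt is None or is_public(rt):  # unresolved routing counts as a finding
            found.append(subnet_id)
    return sorted(found)
```

A non-empty result is a finding for that function. Subnets without an explicit route table association are resolved through the VPC's main route table, which is the case a per-subnet lookup most often misses.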
Remediation / Resolution
To ensure that your Amazon Lambda functions are configured to connect to private VPC subnets only, perform the following actions: