Ensure AWS Lambda Functions Are Deployed Inside a VPC

awslambda_function_inside_vpc

Severity: low
Service: awslambda
by Prowler

This check verifies whether an AWS Lambda function is deployed within a Virtual Private Cloud (VPC). Deploying Lambda functions inside a VPC improves security by giving you control over the network environment, which reduces exposure to threats from the public internet.
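The pass/fail decision described above, as an added example (not Prowler's own code) that runs over a constructed sample shaped like `aws lambda list-functions` output. The function names and resource ids are made up, and the helper names `vpc_id_of` and `evaluate` are hypothetical.

```python
import json

# Constructed sample in the shape of `aws lambda list-functions` output.
# Function names and resource ids are made up for illustration.
SAMPLE_LIST_FUNCTIONS = json.loads("""
{
  "Functions": [
    {"FunctionName": "orders-api",
     "VpcConfig": {"SubnetIds": ["subnet-0aaa", "subnet-0bbb"],
                   "SecurityGroupIds": ["sg-0ccc"],
                   "VpcId": "vpc-0ddd"}},
    {"FunctionName": "thumbnailer"},
    {"FunctionName": "legacy-export",
     "VpcConfig": {"SubnetIds": [], "SecurityGroupIds": [], "VpcId": ""}}
  ]
}
""")


def vpc_id_of(function_config):
    """Return the VPC id a function is attached to, or None.

    A function that was never attached may have no VpcConfig key at all,
    while one that was attached and later detached can still report a
    VpcConfig block with an empty VpcId. Testing only for the presence of
    the key would wrongly pass the second case.
    """
    vpc_config = function_config.get("VpcConfig") or {}
    return vpc_config.get("VpcId") or None


def evaluate(list_functions_response):
    """Return one finding per function: PASS if inside a VPC, else FAIL."""
    findings = []
    for fn in list_functions_response.get("Functions", []):
        vpc_id = vpc_id_of(fn)
        findings.append({
            "function": fn["FunctionName"],
            "status": "PASS" if vpc_id else "FAIL",
            "vpc_id": vpc_id,
        })
    return findings


if __name__ == "__main__":
    for finding in evaluate(SAMPLE_LIST_FUNCTIONS):
        print(f"{finding['status']}  {finding['function']}  vpc={finding['vpc_id']}")
```

To run it against a real account, feed `evaluate` the parsed JSON from `aws lambda list-functions` instead of the sample.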

Risk

Lambda functions not deployed in a VPC may expose your application to increased security risks, including unauthorized access and data breaches. Without the network isolation provided by a VPC, your Lambda functions are more vulnerable to attacks.

Run this check with Prowler CLI

prowler aws --checks awslambda_function_inside_vpc

ARN template
arn:partition:lambda:region:account-id:function/function-name

Recommendation

Configure your AWS Lambda functions to operate within a Virtual Private Cloud (VPC) to enhance security and control network access.

Remediation

CLI

aws lambda update-function-configuration --region <region-name> --function-name <function-name> --vpc-config SubnetIds=<subnet-id-1>,<subnet-id-2>,SecurityGroupIds=<security-group-id>

Resource Type

AwsLambdaFunction