Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration “Lambda Should Have Access To VPC-only Resources” for AWS using AWS console, you can follow the below steps:
- Go to the AWS Lambda console.
- Select the Lambda function that needs to access VPC-only resources.
- Click on the “Configuration” tab.
- Scroll down to the “Network” section.
- Click on “Edit”.
- Select the VPC that has the required resources.
- Select the subnets that the Lambda function needs to access.
- If required, select the security groups that the Lambda function needs to access.
- Click on “Save” to apply the changes.
Using CLI
To remediate the misconfiguration “Lambda Should Have Access To VPC-only Resources” in AWS using AWS CLI, you can follow the below steps:
- Open the AWS CLI on your local machine or EC2 instance.
- Run the following command to create a new VPC configuration file. Here, replace <CIDR_BLOCK> with the CIDR block range you want to use for your VPC.
- Run the following command to create a new subnet within the VPC. Here, replace <VPC_ID> with the ID of the VPC you created in step 2 and <SUBNET_CIDR_BLOCK> with the CIDR block range you want to use for your subnet.
- Run the following command to create a new security group for the Lambda function. Here, replace <SECURITY_GROUP_NAME> with the name you want to give your security group, <SECURITY_GROUP_DESCRIPTION> with a brief description of the security group, and <VPC_ID> with the ID of the VPC you created in step 2.
- Run the following command to modify the security group to allow inbound traffic from the VPC. Here, replace <SECURITY_GROUP_ID> with the ID of the security group you created in step 4 and <SUBNET_CIDR_BLOCK> with the CIDR block range of the subnet you created in step 3.
- Run the following command to create a new execution role for the Lambda function. Here, replace <ROLE_NAME> with the name you want to give your execution role and trust-policy.json with the file path to your trust policy document.
- Run the following command to attach the necessary policies to the execution role. Here, replace <ROLE_NAME> with the name of the execution role you created in step 6.
- Run the following command to update the Lambda function to use the VPC and security group. Here, replace <FUNCTION_NAME> with the name of the Lambda function you want to update, <SUBNET_ID> with the ID of the subnet you created in step 3, <SECURITY_GROUP_ID> with the ID of the security group you created in step 4, and <ROLE_ARN> with the ARN of the execution role you created in step 6.
- Run the following command to test the Lambda function to ensure it has access to VPC-only resources. Here, replace <FUNCTION_NAME> with the name of the Lambda function you updated in step 8.
These steps should remediate the misconfiguration “Lambda Should Have Access To VPC-only Resources” in AWS using AWS CLI.
Using Python
To remediate the Lambda function not having access to VPC-only resources in AWS, you can follow the below steps:
- Open the AWS Management Console and navigate to the Lambda service page.
- Locate the Lambda function that needs to access VPC-only resources and click on it.
- Click on the “Configuration” tab and scroll down to the “VPC” section.
- Click on the “Edit” button to edit the VPC configuration.
- Select the VPC that the Lambda function needs to access and select at least one subnet in each Availability Zone.
- Select the security groups that allow access to the resources needed by the Lambda function.
- Click on the “Save” button to save the updated VPC configuration.
Make sure to attach the appropriate VPC and security group to the Lambda function while creating it.
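A Python example added here (it is not code from the original page): it checks a function's configuration, in the shape that get-function-configuration returns, for the conditions the steps above describe (attached to a VPC, at least one subnet per Availability Zone, security groups set, an execution role that can create ENIs) and builds the boto3 update_function_configuration call that applies the fix. The function name, subnet, security group and VPC IDs and the subnet-to-AZ map are constructed sample values; AWSLambdaVPCAccessExecutionRole is the AWS managed policy a VPC-attached function's role needs.

```python
# Offline checks for the "Lambda attached to VPC" remediation, plus the boto3 call that applies it.
# vpc_findings() takes the dict that `aws lambda get-function-configuration` returns, so it runs
# on a constructed sample without AWS access; only apply_vpc_config() contacts AWS.
from typing import Dict, Iterable, List

# AWS managed policy that lets the execution role create the ENIs a VPC-attached function needs.
VPC_ACCESS_POLICY = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"

# Constructed samples (not real account data): one unattached function, one attached in a single AZ.
SAMPLE_UNATTACHED = {"FunctionName": "orders-api", "Role": "arn:aws:iam::123456789012:role/orders-role"}
SAMPLE_ONE_AZ = {"FunctionName": "orders-api", "VpcConfig": {
    "VpcId": "vpc-0example", "SubnetIds": ["subnet-0a"], "SecurityGroupIds": ["sg-0a"]}}
# Constructed subnet -> Availability Zone map, as `aws ec2 describe-subnets` would report it.
SUBNET_AZ = {"subnet-0a": "us-east-1a", "subnet-0b": "us-east-1b"}


def vpc_findings(cfg: Dict, subnet_az: Dict[str, str], role_policies: Iterable[str] = (),
                 min_azs: int = 2) -> List[str]:
    """Return findings for one function config; an empty list means it is correctly attached."""
    findings: List[str] = []
    # An unattached function either has no VpcConfig or one whose VpcId is the empty string.
    vpc = cfg.get("VpcConfig") or {}
    if not vpc.get("VpcId"):
        findings.append("not attached to a VPC: cannot reach VPC-only resources")
        return findings
    subnets = vpc.get("SubnetIds") or []
    if not subnets:
        findings.append("VpcConfig lists no subnets")
    azs = {subnet_az.get(s, "unknown") for s in subnets}
    if len(azs) < min_azs:
        findings.append(f"subnets cover {len(azs)} AZ(s); use at least one subnet per AZ")
    if not vpc.get("SecurityGroupIds"):
        findings.append("VpcConfig lists no security groups")
    if VPC_ACCESS_POLICY not in role_policies:
        findings.append("execution role lacks AWSLambdaVPCAccessExecutionRole (needed to create ENIs)")
    return findings


def build_update_args(function_name: str, subnet_ids: List[str], sg_ids: List[str]) -> Dict:
    """Keyword arguments for boto3 Lambda.Client.update_function_configuration."""
    if not subnet_ids or not sg_ids:
        raise ValueError("at least one subnet and one security group are required")
    return {"FunctionName": function_name,
            "VpcConfig": {"SubnetIds": list(subnet_ids), "SecurityGroupIds": list(sg_ids)}}


def apply_vpc_config(function_name: str, subnet_ids: List[str], sg_ids: List[str]) -> Dict:
    """Apply the remediation; boto3 is imported here so the offline checks need no AWS access."""
    import boto3  # needs credentials and network; not exercised by the offline checks
    return boto3.client("lambda").update_function_configuration(
        **build_update_args(function_name, subnet_ids, sg_ids))
```

Run vpc_findings() over each function's configuration first; apply_vpc_config() is only needed for the functions it reports.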