Lambda function should have access to VPC resources in configuration
Description
This rule identifies Lambda functions that are not configured with VPC access. Configuring a Lambda function within a VPC enforces network segmentation and is a best practice for functions that interact with private resources such as databases, internal APIs, or ElastiCache clusters. Not all functions require VPC access, so functions flagged by this rule should be reviewed to determine whether VPC configuration is appropriate for their use case. Datadog-managed functions (Forwarder, Agentless Scanner, integration Lambdas) are automatically excluded.
Note: Attaching a Lambda to a VPC without a properly configured NAT gateway and route table will break outbound internet access. Ensure the VPC networking supports the function’s connectivity needs before making changes.
Review the flagged Lambda function to determine whether it requires access to VPC-private resources. If it does, configure VPC access following the Configuring VPC access documentation. If the function only requires internet or AWS API access, no action is needed and the finding can be accepted.
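As an added illustration of the check this rule performs and of the remediation step above (example code written here, not Datadog's rule implementation), the following evaluates an inventory of Lambda function records in the shape returned by the Lambda API (`FunctionName`, `VpcConfig` with `SubnetIds`, `SecurityGroupIds`, `VpcId`) and builds the `VpcConfig` update used to attach a function to a VPC. The Datadog-managed exclusion list is not on the page, so the name-prefix and tag heuristic here is an assumption, and the inventory is constructed sample data.

```python
"""Flag Lambda functions that have no VPC configuration.

Records use the shape returned by the Lambda API (ListFunctions /
GetFunctionConfiguration). To run against a real account, feed the
"Functions" entries from boto3's list_functions paginator into
find_non_vpc_functions(); the sample below is constructed data.
"""
from typing import Iterable

# ASSUMPTION: Datadog-managed functions are recognised by a name prefix or a
# tag. The page does not give the real exclusion criteria; this is a placeholder.
DATADOG_MANAGED_PREFIXES = ("datadog-forwarder", "datadog-agentless-scanner")
DATADOG_MANAGED_TAG = "managed_by"  # hypothetical tag key


def is_datadog_managed(fn: dict) -> bool:
    name = fn.get("FunctionName", "").lower()
    tags = fn.get("Tags", {})
    return name.startswith(DATADOG_MANAGED_PREFIXES) or tags.get(DATADOG_MANAGED_TAG) == "datadog"


def has_vpc_access(fn: dict) -> bool:
    """A function is VPC-attached only when both subnets and security groups are set.
    A non-VPC function returns VpcConfig with empty lists and an empty VpcId."""
    vpc = fn.get("VpcConfig") or {}
    return bool(vpc.get("SubnetIds")) and bool(vpc.get("SecurityGroupIds"))


def find_non_vpc_functions(functions: Iterable[dict]) -> list[str]:
    """Names of functions the rule would flag for review (managed functions excluded)."""
    return [fn["FunctionName"] for fn in functions
            if not is_datadog_managed(fn) and not has_vpc_access(fn)]


def vpc_config_update(function_name: str, subnet_ids, security_group_ids) -> dict:
    """Keyword arguments for lambda.update_function_configuration() to attach a
    reviewed function to a VPC. Confirm NAT/route tables first (see the note above)."""
    return {"FunctionName": function_name,
            "VpcConfig": {"SubnetIds": list(subnet_ids),
                          "SecurityGroupIds": list(security_group_ids)}}


# Constructed sample inventory mimicking ListFunctions output.
SAMPLE_FUNCTIONS = [
    {"FunctionName": "orders-db-writer", "VpcConfig": {"SubnetIds": [], "SecurityGroupIds": [], "VpcId": ""}},
    {"FunctionName": "image-resizer", "VpcConfig": {"SubnetIds": ["subnet-0a1b2c3d"],
                                                    "SecurityGroupIds": ["sg-0f9e8d7c"], "VpcId": "vpc-01234567"}},
    {"FunctionName": "datadog-forwarder", "VpcConfig": {}},
    {"FunctionName": "s3-event-router"},  # VpcConfig key absent entirely
]

if __name__ == "__main__":
    for name in find_non_vpc_functions(SAMPLE_FUNCTIONS):
        print(f"review: {name} has no VPC configuration")
```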