Lambda function should have access to VPC resources in configuration
Description
This rule identifies Lambda functions that are not configured with VPC access. Configuring a Lambda function within a VPC enforces network segmentation and is a best practice for functions that interact with private resources such as databases, internal APIs, or ElastiCache clusters. Not all functions require VPC access, so functions flagged by this rule should be reviewed to determine whether VPC configuration is appropriate for their use case. Datadog-managed functions (Forwarder, Agentless Scanner, integration Lambdas) are automatically excluded.
Note: Attaching a Lambda to a VPC without a properly configured NAT gateway and route table will break outbound internet access. Ensure the VPC networking supports the function’s connectivity needs before making changes.
Review the flagged Lambda function to determine whether it requires access to VPC-private resources. If it does, configure VPC access following the Configuring VPC access documentation. If the function only requires internet or AWS API access, no action is needed and the finding can be accepted.
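The review described above can be scripted. This is an added example, not Datadog's rule logic: it works on the response shapes of Lambda `ListFunctions` and EC2 `DescribeRouteTables`, lists functions with no VPC attachment, and checks whether candidate subnets have an IPv4 default route through a NAT gateway. The function names, subnet IDs and sample data are constructed, and the check does not account for VPC endpoints or the Datadog-managed exclusions.

```python
def functions_without_vpc(functions):
    """Names of functions with no VPC attachment.

    `functions` is the "Functions" list from Lambda ListFunctions; a function
    outside a VPC has no VpcConfig or one with empty SubnetIds.
    """
    return [f["FunctionName"] for f in functions
            if not (f.get("VpcConfig") or {}).get("SubnetIds")]


def subnets_without_nat_route(subnet_ids, route_tables):
    """Subnets whose effective route table has no 0.0.0.0/0 route via NAT.

    `route_tables` is the "RouteTables" list from EC2 DescribeRouteTables for
    the VPC. A subnet with no explicit association uses the main route table.
    """
    def has_nat_default(rt):
        return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                   and r.get("NatGatewayId") for r in rt.get("Routes", []))

    explicit, main = {}, None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main = rt
            elif assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = rt
    missing = []
    for subnet in subnet_ids:
        rt = explicit.get(subnet, main)
        if rt is None or not has_nat_default(rt):
            missing.append(subnet)
    return missing


# Constructed sample data (not from a real account).
SAMPLE_FUNCTIONS = [
    {"FunctionName": "orders-api",
     "VpcConfig": {"VpcId": "vpc-1", "SubnetIds": ["subnet-a"], "SecurityGroupIds": ["sg-1"]}},
    {"FunctionName": "thumbnailer"},
    {"FunctionName": "cron-report",
     "VpcConfig": {"VpcId": "", "SubnetIds": [], "SecurityGroupIds": []}},
]
SAMPLE_ROUTE_TABLES = [
    {"Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"Associations": [{"Main": False, "SubnetId": "subnet-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-1"}]},
]
```

To run it against a live account, pass the paginated output of boto3's `list_functions` and `describe_route_tables` in place of the sample lists.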