---
title: Lambda function should have access to VPC resources in configuration
description: Datadog, the leading service for cloud-scale monitoring.
---

# Lambda function should have access to VPC resources in configuration
 
## Description{% #description %}

This rule identifies Lambda functions that are not configured with VPC access. Configuring a Lambda function within a VPC enforces network segmentation and is a best practice for functions that interact with private resources such as databases, internal APIs, or ElastiCache clusters. Not all functions require VPC access, so functions flagged by this rule should be reviewed to determine whether VPC configuration is appropriate for their use case. Datadog-managed functions (Forwarder, Agentless Scanner, integration Lambdas) are automatically excluded.

**Note:** Attaching a Lambda to a VPC without a properly configured [NAT gateway](https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html#vpc-internet) and route table will break outbound internet access. Ensure the VPC networking supports the function's connectivity needs before making changes.

## Remediation{% #remediation %}

Review the flagged Lambda function to determine whether it requires access to VPC-private resources. If it does, configure VPC access following the [Configuring VPC access](https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html#vpc-configuring) documentation. If the function only requires internet or AWS API access, no action is needed and the finding can be accepted.
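The following sketch is an added example, not Datadog's rule logic or code from this page. It triages findings offline from data shaped like the output of Lambda `ListFunctions` and EC2 `DescribeRouteTables`, and checks whether candidate subnets have a NAT default route before a function is attached. The function names and all sample IDs are assumptions constructed for illustration, and only IPv4 routes are considered.

```python
# Added example (not Datadog's rule logic). Inputs mirror the shapes returned by
# Lambda ListFunctions and EC2 DescribeRouteTables; all sample values are constructed.

def is_vpc_attached(fn):
    """A detached function can still carry a VpcConfig with empty SubnetIds and
    VpcId "", so checking only that the key exists is not enough."""
    cfg = fn.get("VpcConfig") or {}
    return bool(cfg.get("VpcId")) and bool(cfg.get("SubnetIds"))

def route_table_for(subnet_id, vpc_id, route_tables):
    """Explicitly associated table, else the VPC's main route table."""
    main = None
    for rt in (t for t in route_tables if t.get("VpcId") == vpc_id):
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def has_nat_default_route(rt):
    """Active IPv4 default route via a NAT gateway. A default route to an internet
    gateway does not count: Lambda network interfaces get no public IP."""
    return rt is not None and any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and r.get("State", "active") == "active"
        and r.get("NatGatewayId", "").startswith("nat-")
        for r in rt.get("Routes", []))

def subnets_without_nat(subnet_ids, vpc_id, route_tables):
    """Candidate subnets where an attached function would lose outbound internet."""
    return [s for s in subnet_ids
            if not has_nat_default_route(route_table_for(s, vpc_id, route_tables))]

LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
FUNCTIONS = [  # constructed sample, ListFunctions-shaped
    {"FunctionName": "orders-db-writer", "VpcConfig": {"VpcId": "vpc-0aaa", "SubnetIds": ["subnet-private"], "SecurityGroupIds": ["sg-0a"]}},
    {"FunctionName": "thumbnailer"},
    {"FunctionName": "legacy-report", "VpcConfig": {"VpcId": "", "SubnetIds": [], "SecurityGroupIds": []}},
]
ROUTE_TABLES = [  # constructed sample, DescribeRouteTables-shaped
    {"VpcId": "vpc-0aaa", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"VpcId": "vpc-0aaa", "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123", "State": "active"}]},
    {"VpcId": "vpc-0aaa", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc", "State": "active"}]},
]

if __name__ == "__main__":
    print([f["FunctionName"] for f in FUNCTIONS if not is_vpc_attached(f)])
    print(subnets_without_nat(["subnet-private", "subnet-public", "subnet-implicit"], "vpc-0aaa", ROUTE_TABLES))
```

A subnet reported by `subnets_without_nat` is only a problem if the function needs outbound internet; functions that reach AWS services through VPC endpoints can run there without a NAT gateway.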
