VPC Lambda functions should operate in multiple Availability Zones

Description

This control verifies whether an AWS Lambda function that connects to a Virtual Private Cloud (VPC) is deployed across at least two Availability Zones (AZs). The control fails if the function's VPC subnets do not cover the minimum of two AZs.

Distributing resources across multiple AZs follows AWS best practices to enhance system resilience and ensure high availability. High availability is essential for maintaining system functionality and is a fundamental aspect of the security principles of confidentiality, integrity, and availability. Lambda functions connected to a VPC should be configured for multi-AZ deployment to avoid service interruptions caused by a failure in a single zone.
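The check behind this control is a subnet-to-AZ lookup: a function's VpcConfig lists subnet IDs, each subnet belongs to exactly one AZ, and the control passes only when the distinct AZs number at least two. The following Python script is an added example written for this page, not AWS's own evaluation logic. It runs offline on constructed sample data that mimics the shape of lambda:ListFunctions and ec2:DescribeSubnets responses; the collect_from_account helper shows the real boto3 calls a live run would use but is not exercised here. It also flags subnets that cannot be resolved to an AZ, a case the control text does not spell out but which an assessor would want surfaced rather than silently counted.

```python
"""Evaluate whether VPC-connected Lambda functions span at least two AZs.

Added example for this control. The sample data below is constructed
(not from any real account) and mirrors the fields returned by
lambda:ListFunctions (VpcConfig.SubnetIds) and ec2:DescribeSubnets
(SubnetId, AvailabilityZone).
"""

MIN_AZS = 2  # the control's threshold: at least two Availability Zones

# Constructed subnet-to-AZ mapping, as ec2:DescribeSubnets would report it.
SUBNET_AZ = {
    "subnet-0a": "us-east-1a",
    "subnet-0b": "us-east-1a",   # second subnet, but in the same AZ as subnet-0a
    "subnet-0c": "us-east-1b",
}

# Constructed function configurations (only the fields this check needs).
FUNCTIONS = [
    {"FunctionName": "single-az-fn",
     "VpcConfig": {"SubnetIds": ["subnet-0a", "subnet-0b"]}},   # two subnets, one AZ
    {"FunctionName": "multi-az-fn",
     "VpcConfig": {"SubnetIds": ["subnet-0a", "subnet-0c"]}},   # two subnets, two AZs
    {"FunctionName": "no-vpc-fn",
     "VpcConfig": {"SubnetIds": []}},                           # not attached to a VPC
    {"FunctionName": "orphan-subnet-fn",
     "VpcConfig": {"SubnetIds": ["subnet-0a", "subnet-zz"]}},   # one subnet unresolvable
]


def azs_for_subnets(subnet_ids, subnet_az):
    """Return the set of AZs covered by the given subnets; unknown subnets are skipped."""
    return {subnet_az[s] for s in subnet_ids if s in subnet_az}


def evaluate(function_cfg, subnet_az, min_azs=MIN_AZS):
    """Return (status, detail) for one function.

    NOT_APPLICABLE when the function has no VPC subnets (the control only
    covers VPC-connected functions), otherwise PASSED or FAILED.
    """
    subnet_ids = function_cfg.get("VpcConfig", {}).get("SubnetIds", [])
    if not subnet_ids:
        return "NOT_APPLICABLE", "function is not attached to a VPC"
    unknown = sorted(s for s in subnet_ids if s not in subnet_az)
    azs = azs_for_subnets(subnet_ids, subnet_az)
    if len(azs) >= min_azs:
        return "PASSED", f"subnets span {len(azs)} AZs: {', '.join(sorted(azs))}"
    detail = f"subnets span only {len(azs)} AZ(s): {', '.join(sorted(azs)) or 'none'}"
    if unknown:
        # A subnet that does not resolve cannot be credited toward the AZ count.
        detail += f"; unresolved subnets: {', '.join(unknown)}"
    return "FAILED", detail


def evaluate_all(functions, subnet_az):
    """Map each function name to its (status, detail) result."""
    return {f["FunctionName"]: evaluate(f, subnet_az) for f in functions}


def collect_from_account(region):
    """Live collector for a real account (assumed boto3 usage, not run offline)."""
    import boto3  # imported here so the offline evaluation needs no AWS SDK
    lam = boto3.client("lambda", region_name=region)
    ec2 = boto3.client("ec2", region_name=region)
    functions = []
    for page in lam.get_paginator("list_functions").paginate():
        functions.extend(page["Functions"])
    subnet_az = {s["SubnetId"]: s["AvailabilityZone"]
                 for s in ec2.describe_subnets()["Subnets"]}
    return functions, subnet_az


if __name__ == "__main__":
    for name, (status, detail) in evaluate_all(FUNCTIONS, SUBNET_AZ).items():
        print(f"{status:15} {name}: {detail}")
```

Running the script as-is evaluates the constructed sample: single-az-fn fails even though it lists two subnets, because both sit in us-east-1a, while multi-az-fn passes. That distinction is the point of the control: what matters is the number of distinct AZs behind the subnets, not the number of subnets. To run it against an account, replace the sample data with the tuple returned by collect_from_account(region).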

Remediation

For guidance on configuring Lambda function VPC settings, including selecting subnets in at least two Availability Zones, refer to the Configuring VPC access section of the AWS Lambda Developer Guide.