From 4a4c4e951c99c5deebce0a5dab7bd7a32767639c Mon Sep 17 00:00:00 2001
From: Matthias Veit
Date: Wed, 20 Mar 2024 08:37:54 +0100
Subject: [PATCH] [fix] Remove Lambda VPC check
---
 ...architected_framework_security_pillar.json | 3 --
 fixcompliance/data/checks/aws/aws_lambda.json | 29 -------------------
 2 files changed, 32 deletions(-)
diff --git a/fixcompliance/data/benchmark/aws/aws_well_architected_framework_security_pillar.json b/fixcompliance/data/benchmark/aws/aws_well_architected_framework_security_pillar.json
index 986480f..dbae80e 100644
--- a/fixcompliance/data/benchmark/aws/aws_well_architected_framework_security_pillar.json
+++ b/fixcompliance/data/benchmark/aws/aws_well_architected_framework_security_pillar.json
@@ -231,7 +231,6 @@
 "aws_glacier_vaults_policy_public_access",
 "aws_kms_cmk_policy_prohibit_public_access",
 "aws_lambda_cors_policy",
- "aws_lambda_function_in_vpc",
 "aws_lambda_function_restrict_public_access",
 "aws_opensearch_domain_is_not_publicly_accessible",
 "aws_redshift_cluster_publicly_accessible",
@@ -251,7 +250,6 @@
 "checks": [
 "aws_dms_public_ip_address",
 "aws_ec2_instance_in_vpc",
- "aws_lambda_function_in_vpc",
 "aws_lambda_publicly_accessible_permissions",
 "aws_opensearch_domain_is_not_publicly_accessible",
 "aws_sagemaker_notebook_with_direct_internet_access",
@@ -420,7 +418,6 @@
 "aws_ecr_image_scan_on_push",
 "aws_ecs_ecs_cluster_container_insights_enabled",
 "aws_ecs_ecs_service_fargate_using_latest_platform_version",
- "aws_lambda_function_in_vpc",
 "aws_lambda_publicly_accessible_permissions"
 ]
 },
diff --git a/fixcompliance/data/checks/aws/aws_lambda.json b/fixcompliance/data/checks/aws/aws_lambda.json
index 0b98b08..cade4e7 100644
--- a/fixcompliance/data/checks/aws/aws_lambda.json
+++ b/fixcompliance/data/checks/aws/aws_lambda.json
@@ -31,35 +31,6 @@
 }
 }
 },
- {
- "name": "function_in_vpc",
- "title": "Ensure That AWS Lambda Functions Are Deployed within a VPC and Configured with Appropriate Security Groups for Precise and Compliant Network Access Controls",
- "result_kinds": [
- "aws_lambda_function"
- ],
- "categories": [
- "security",
- "compliance"
- ],
- "risk": "Lambda functions without established controls via security groups in a VPC, are vulnerable to unauthorized access. This exposure threatens data security and compliance standards.",
- "severity": "info",
- "detect": {
- "fix": "is(aws_lambda_function) with (empty, <-- is(aws_vpc))"
- },
- "remediation": {
- "text": "Modify your Lambda function configuration to deploy within a VPC. This requires setting up necessary security groups and network access controls.",
- "url": "https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html",
- "complexity": "medium"
- },
- "url": "https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/",
- "localizations": {
- "de": {
- "title": "Stellen Sie sicher, dass AWS Lambda-Funktionen innerhalb einer VPC bereitgestellt werden und mit geeigneten Sicherheitsgruppen für präzise und konforme Netzwerkzugriffskontrollen konfiguriert sind.",
- "risk": "Lambda-Funktionen ohne etablierte Kontrollen über Sicherheitsgruppen in einer VPC sind anfällig für unbefugten Zugriff. Diese Exposition bedroht die Datensicherheit und Konformitätsstandards.",
- "remediation": "Ändern Sie die Konfiguration Ihrer Lambda-Funktion, um sie innerhalb einer VPC bereitzustellen. Dies erfordert das Einrichten der erforderlichen Sicherheitsgruppen und Netzwerkzugriffskontrollen."
- }
- }
- },
 {
 "name": "cors_policy",
 "title": "Ensure Appropriate CORS Configuration for AWS Lambda Functions URL",