lambda: ensure that developers deploy only Lambda functions that connect through a VPC

Ensure that users deploy only VPC-connected functions

To ensure that all users deploy only VPC-connected functions, you can deny function create and update operations that don't include a valid VPC ID.

Note that the VPC ID is not an input parameter to the CreateFunction or UpdateFunctionConfiguration request. Lambda derives the VPC ID from the subnet and security group parameters in the request, so the lambda:VpcIds condition key is populated whenever a VpcConfig is supplied.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EnforceVPCFunction",
      "Action": [
          "lambda:CreateFunction",
          "lambda:UpdateFunctionConfiguration"
       ],
      "Effect": "Deny",
      "Resource": "*",
      "Condition": {
        "Null": {
           "lambda:VpcIds": "true"
        }
      }
    }
  ]
}

Deny users access to specific VPCs, subnets, or security groups

To deny users access to specific VPCs, use StringEquals to check the value of the lambda:VpcIds condition. The following example denies users access to vpc-1 and vpc-2.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EnforceOutOfVPC",
      "Action": [
          "lambda:CreateFunction",
          "lambda:UpdateFunctionConfiguration"
       ],
      "Effect": "Deny",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
            "lambda:VpcIds": ["vpc-1", "vpc-2"]
        }
      }
    }
  ]
}

To deny users access to specific subnets, use the ForAnyValue:StringEquals set operator to check the values of the multi-valued lambda:SubnetIds condition key, so the statement matches if any requested subnet is on the list. The following example denies users access to subnet-1 and subnet-2.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EnforceOutOfSubnet",
      "Action": [
          "lambda:CreateFunction",
          "lambda:UpdateFunctionConfiguration"
       ],
      "Effect": "Deny",
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringEquals": {
            "lambda:SubnetIds": ["subnet-1", "subnet-2"]
        }
      }
    }
  ]
}

To deny users access to specific security groups, use the ForAnyValue:StringEquals set operator to check the values of the multi-valued lambda:SecurityGroupIds condition key. The following example denies users access to sg-1 and sg-2.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EnforceOutOfSecurityGroups",
      "Action": [
          "lambda:CreateFunction",
          "lambda:UpdateFunctionConfiguration"
       ],
      "Effect": "Deny",
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringEquals": {
            "lambda:SecurityGroupIds": ["sg-1", "sg-2"]
        }
      }
    }
  ]
}

Allow users to create and update functions with specific VPC settings

To allow users to access specific VPCs, use StringEquals to check the value of the lambda:VpcIds condition. The following example allows users to access vpc-1 and vpc-2.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EnforceStayInSpecificVpc",
      "Action": [
          "lambda:CreateFunction",
          "lambda:UpdateFunctionConfiguration"
       ],
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
            "lambda:VpcIds": ["vpc-1", "vpc-2"]
        }
      }
    }
  ]
}

To allow users to access specific subnets, use the ForAllValues:StringEquals set operator to check the values of the multi-valued lambda:SubnetIds condition key, so the statement matches only if every requested subnet is on the list. The following example allows users to access subnet-1 and subnet-2.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EnforceStayInSpecificSubnets",
      "Action": [
          "lambda:CreateFunction",
          "lambda:UpdateFunctionConfiguration"
       ],
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "ForAllValues:StringEquals": {
            "lambda:SubnetIds": ["subnet-1", "subnet-2"]
        }
      }
    }
  ]
}

To allow users to access specific security groups, use the ForAllValues:StringEquals set operator to check the values of the multi-valued lambda:SecurityGroupIds condition key. The following example allows users to access sg-1 and sg-2.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EnforceStayInSpecificSecurityGroup",
      "Action": [
          "lambda:CreateFunction",
          "lambda:UpdateFunctionConfiguration"
       ],
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "ForAllValues:StringEquals": {
            "lambda:SecurityGroupIds": ["sg-1", "sg-2"]
        }
      }
    }
  ]
}
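The following Python is an added example, not code from the AWS documentation: a simplified model of how IAM evaluates the Null, StringEquals, ForAnyValue and ForAllValues operators used in the Deny and Allow policies above, run against constructed request contexts. It assumes that a request without a VpcConfig carries none of the lambda:VpcIds / lambda:SubnetIds / lambda:SecurityGroupIds keys, and it ignores other policy types (SCPs, resource policies, permission boundaries).

```python
# Simplified model of IAM condition evaluation (added example, not AWS code)
def _as_list(v):
    return v if isinstance(v, list) else [v]

def condition_matches(operator, expected, context):
    """Evaluate one condition operator block against a request-context dict."""
    for key, want in expected.items():
        want, have = _as_list(want), context.get(key)
        if operator == "Null":            # "true" matches an absent or empty key
            if (have in (None, [])) != (want[0] == "true"):
                return False
        elif operator == "StringEquals":  # single-valued key such as lambda:VpcIds
            if have is None or have not in want:
                return False
        elif operator == "ForAnyValue:StringEquals":
            if not any(v in want for v in _as_list(have or [])):
                return False
        elif operator == "ForAllValues:StringEquals":
            # all() over an empty set is True: a request with no subnets matches an
            # Allow that uses ForAllValues, which is why the "Null" Deny policy is needed
            if not all(v in want for v in _as_list(have or [])):
                return False
        else:
            raise ValueError(f"unsupported operator: {operator}")
    return True

def statement_matches(stmt, action, context):
    return action in _as_list(stmt["Action"]) and all(
        condition_matches(op, exp, context) for op, exp in stmt.get("Condition", {}).items())

def evaluate(statements, action, context):
    """Explicit Deny wins over Allow; no matching statement is an implicit deny."""
    decision = "ImplicitDeny"
    for stmt in statements:
        if statement_matches(stmt, action, context):
            if stmt["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision

# Statements from this page (Resource omitted: the model checks actions and conditions only)
ACTIONS = ["lambda:CreateFunction", "lambda:UpdateFunctionConfiguration"]
ENFORCE_VPC = {"Effect": "Deny", "Action": ACTIONS,
               "Condition": {"Null": {"lambda:VpcIds": "true"}}}
OUT_OF_VPC = {"Effect": "Deny", "Action": ACTIONS,
              "Condition": {"StringEquals": {"lambda:VpcIds": ["vpc-1", "vpc-2"]}}}
STAY_IN_SUBNETS = {"Effect": "Allow", "Action": ACTIONS, "Condition": {
    "ForAllValues:StringEquals": {"lambda:SubnetIds": ["subnet-1", "subnet-2"]}}}

# Constructed request contexts: one with a VpcConfig, one without (keys absent)
IN_VPC = {"lambda:VpcIds": "vpc-1", "lambda:SubnetIds": ["subnet-1"]}
NO_VPC = {}
```

Running evaluate([STAY_IN_SUBNETS], "lambda:CreateFunction", NO_VPC) returns "Allow", while adding ENFORCE_VPC to the statement list turns it into "Deny"; this is the reason to deploy the first policy on this page together with the Allow policies.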

References

Documentation: https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html#vpc-condition-examples

VPC tutorials: in the following tutorials, you connect a Lambda function to resources in your VPC.
