Info icon
End of Life Notice: For Trend Cloud One™ - Conformity Customers, Conformity will reach its End of Sale on “July 31st, 2025” and End of Life “July 31st, 2026”. The same capabilities and much more is available in TrendAI Vision One™ Cloud Risk Management. For details, please refer to Upgrade to TrendAI Vision One™

Deploy Agent Action Group Lambda Functions in VPC

TrendAI Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1400 automated best practice checks.

Risk Level: Medium (should be achieved)

Ensure that the AWS Lambda functions configured as action group executors for your Amazon Bedrock agents are deployed within a Virtual Private Cloud (VPC). Amazon Bedrock agents use action groups to carry out tasks by invoking Lambda functions that contain business logic, which is often generated or influenced by information the agent elicits from users and orchestrates through the foundation model. Deploying the Lambda function inside a VPC restricts network egress to controlled paths defined by your VPC route tables, NAT gateways, and VPC endpoints, and allows you to enforce network-level access control using security groups and network ACLs.

Security

Lambda functions serving as action group executors for Amazon Bedrock agents often process untrusted, model-generated input and can have access to sensitive internal resources or data sources, making them attractive targets for prompt injection and code injection attacks that attempt to exfiltrate data. When a Lambda function is not deployed within a VPC, it can freely establish outbound connections to any internet endpoint, giving an attacker a direct path to exfiltrate data or communicate with command-and-control infrastructure. Deploying the Lambda function inside a VPC forces all network traffic through security groups and, if configured, through a NAT gateway or VPC endpoints, allowing you to restrict egress to only the destinations required for the function to operate. This network-level containment provides an additional layer of defense that complements IAM permission boundaries and reduces the blast radius of a compromised or manipulated action group executor.


Audit

To determine if the Lambda functions used by your Amazon Bedrock Agent action groups are deployed within a VPC, perform the following operations:

Using AWS Console

  1. Sign in to the AWS Management Console.

  2. Navigate to Amazon Bedrock console available at https://console.aws.amazon.com/bedrock/.

  3. In the main navigation panel, under Build, select Agents Classic.

  4. In the Agents section, click on the name (link) of the agent that you want to examine, available in the Name column.

  5. On the agent details page, choose Edit in Agent Builder at the top of the page.

  6. In the Agent Builder, scroll down to the Action groups section to view the action groups configured for the selected agent.

  7. Click on the name (link) of the action group that you want to examine. In the Action group invocation section, identify the Lambda function associated with the action group, then choose View next to the function name to open the function in the AWS Lambda console.

  8. In the Lambda function page, select the Configuration tab, then choose VPC from the left navigation panel.

  9. In the VPC section, check if a VPC, subnets, and security groups are configured for the function. If the VPC section shows No VPC configuration or no VPC ID is listed, the Lambda function used by the selected Bedrock Agent action group is not deployed within a VPC.

  10. Repeat steps no. 7 – 9 for each action group configured for the selected Amazon Bedrock agent.

  11. Repeat steps no. 4 – 10 for each Bedrock agent available within the current AWS region.

  12. Change the AWS cloud region from the navigation bar to repeat the Audit process for other regions.

Using AWS CLI

  1. Run list-agents command (OSX/Linux/UNIX) to list the identifier (ID) of each Amazon Bedrock agent available in the selected AWS cloud region:

    aws bedrock-agent list-agents
      --region us-east-1
      --query 'agentSummaries[*].agentId'
    
  2. The command output should return the requested agent identifiers (IDs):

    [
        "ABCDACBDAB",
        "ABCABCABCA"
    ]
    
  3. Run list-agent-action-groups command (OSX/Linux/UNIX) with the agent ID and the DRAFT agent version to list the action group identifiers for the selected agent. Use DRAFT to inspect the current mutable configuration. To list published (immutable) agent versions, use the list-agent-versions command:

    aws bedrock-agent list-agent-action-groups
      --region us-east-1
      --agent-id ABCDACBDAB
      --agent-version DRAFT
      --query 'actionGroupSummaries[*].actionGroupId'
    
  4. The command output should return the requested action group identifiers (IDs):

    [
        "XYXYXYXYXY"
    ]
    
  5. Run get-agent-action-group command (OSX/Linux/UNIX) with the agent ID, agent version, and action group ID to describe the action group executor configuration and extract the Lambda function ARN:

    aws bedrock-agent get-agent-action-group
      --region us-east-1
      --agent-id ABCDACBDAB
      --agent-version DRAFT
      --action-group-id XYXYXYXYXY
      --query 'agentActionGroup.actionGroupExecutor.lambda'
    
  6. The command output should return the ARN of the Lambda function used as the action group executor:

    "arn:aws:lambda:us-east-1:123456789012:function:cc-bedrock-agent-executor"
    

    If the command output returns null or the action group uses customControl instead of a Lambda function, VPC deployment verification is not applicable for this action group.

  7. Run get-function-configuration command (OSX/Linux/UNIX) using the Lambda function ARN returned at the previous step to check if the function is deployed within a VPC:

    aws lambda get-function-configuration
      --region us-east-1
      --function-name arn:aws:lambda:us-east-1:123456789012:function:cc-bedrock-agent-executor
      --query 'VpcConfig'
    
  8. The command output should return the VPC configuration details of the selected Lambda function. If the function is not deployed within a VPC, the VpcConfig attribute is absent and the command returns null:

    null
    

    A null result indicates that the Lambda function used by the selected Amazon Bedrock Agent action group is not deployed within a VPC. In some cases the output may instead be an object with empty "SubnetIds" and "SecurityGroupIds" lists and an empty "VpcId" string, which also indicates that the function is not deployed within a VPC:

    {
        "SubnetIds": [],
        "SecurityGroupIds": [],
        "VpcId": ""
    }
    
  9. Repeat steps no. 5 – 8 for each action group configured for the selected Amazon Bedrock agent.

  10. Repeat steps no. 3 – 9 for each Amazon Bedrock agent available in the selected AWS region.

  11. Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 10 to perform the Audit process for other regions.

Remediation / Resolution

To deploy the Lambda functions used by your Amazon Bedrock Agent action groups within a VPC, you must attach the required VPC configuration (subnets and security groups) to each Lambda function. To perform the remediation, perform the following operations:

Note: Before attaching a Lambda function to a VPC, ensure that the function's execution role has the necessary Amazon EC2 permissions (ec2:CreateNetworkInterface, ec2:DescribeNetworkInterfaces, ec2:DescribeSubnets, ec2:DeleteNetworkInterface, ec2:AssignPrivateIpAddresses, ec2:UnassignPrivateIpAddresses), typically provided via the AWS managed policy AWSLambdaVPCAccessExecutionRole. If the Lambda function requires internet access (e.g., to call external APIs), attach it to private subnets that route outbound traffic through a NAT gateway, rather than to public subnets, as connecting a function to a public subnet does not, by itself, grant internet access or a public IP address.

Using AWS Console

  1. Sign in to the AWS Management Console.

  2. Open the Functions page of the Lambda console and click on the name (link) of the Lambda function used by your Bedrock Agent action group (see Audit section part I to identify the right resource).

  3. Select the Configuration tab, then choose VPC from the left navigation panel.

  4. Choose Edit.

  5. Under VPC, select the Amazon VPC that you want to attach your function to.

  6. Under Subnets, select the private subnets (one per Availability Zone, for high availability) that you want to use for your function's network interfaces.

  7. Under Security groups, select the security group(s) that define the inbound and outbound traffic rules for your function.

  8. Choose Save to attach the VPC configuration to the Lambda function.

  9. Repeat steps no. 2 – 8 for each Lambda function used by your Amazon Bedrock Agent action groups within the current AWS region.

  10. Change the AWS cloud region from the navigation bar to repeat the Remediation process for other regions.

Using AWS CLI

  1. Run update-function-configuration command (OSX/Linux/UNIX) to attach a VPC configuration to the Lambda function used by your Bedrock Agent action group (see Audit section part II to identify the right resource). Replace <subnet-id> and <security-group-id> with the identifiers of the private subnets and security group(s) that you want to use:

    aws lambda update-function-configuration
      --region us-east-1
      --function-name cc-bedrock-agent-executor
      --vpc-config SubnetIds=<subnet-id-1>,<subnet-id-2>,SecurityGroupIds=<security-group-id>
    
  2. The command output should return the updated function configuration, including the new VPC configuration:

    {
        "FunctionName": "cc-bedrock-agent-executor",
        "FunctionArn": "arn:aws:lambda:us-east-1:123456789012:function:cc-bedrock-agent-executor",
        "VpcConfig": {
            "SubnetIds": [
                "subnet-0abcdabcdabcdabcd",
                "subnet-01234123412341234"
            ],
            "SecurityGroupIds": [
                "sg-01234abcd1234abcd"
            ],
            "VpcId": "vpc-0abcd1234abcd1234"
        },
        "LastUpdateStatus": "InProgress"
    }
    
  3. Repeat steps no. 1 and 2 for each Lambda function used by your Amazon Bedrock Agent action groups in the selected AWS region.

  4. Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 3 to perform the Remediation process for other regions.

References

Publication date Jul 13, 2026