Ensure that the AWS Lambda functions configured as action group executors for your Amazon Bedrock agents are deployed within a Virtual Private Cloud (VPC). Amazon Bedrock agents use action groups to carry out tasks by invoking Lambda functions that contain business logic, which is often generated or influenced by information the agent elicits from users and orchestrates through the foundation model. Deploying the Lambda function inside a VPC restricts network egress to controlled paths defined by your VPC route tables, NAT gateways, and VPC endpoints, and allows you to enforce network-level access control using security groups and network ACLs.
Lambda functions serving as action group executors for Amazon Bedrock agents often process untrusted, model-generated input and can have access to sensitive internal resources or data sources, making them attractive targets for prompt injection and code injection attacks that attempt to exfiltrate data. When a Lambda function is not deployed within a VPC, it can freely establish outbound connections to any internet endpoint, giving an attacker a direct path to exfiltrate data or communicate with command-and-control infrastructure. Deploying the Lambda function inside a VPC forces all network traffic through security groups and, if configured, through a NAT gateway or VPC endpoints, allowing you to restrict egress to only the destinations required for the function to operate. This network-level containment provides an additional layer of defense that complements IAM permission boundaries and reduces the blast radius of a compromised or manipulated action group executor.
Audit
To determine if the Lambda functions used by your Amazon Bedrock Agent action groups are deployed within a VPC, perform the following operations:
Remediation / Resolution
To deploy the Lambda functions used by your Amazon Bedrock Agent action groups within a VPC, you must attach the required VPC configuration (subnets and security groups) to each Lambda function. To perform the remediation, perform the following operations:
Note: Before attaching a Lambda function to a VPC, ensure that the function's execution role has the necessary Amazon EC2 permissions (ec2:CreateNetworkInterface, ec2:DescribeNetworkInterfaces, ec2:DescribeSubnets, ec2:DeleteNetworkInterface, ec2:AssignPrivateIpAddresses, ec2:UnassignPrivateIpAddresses), typically provided via the AWS managed policy AWSLambdaVPCAccessExecutionRole. If the Lambda function requires internet access (e.g., to call external APIs), attach it to private subnets that route outbound traffic through a NAT gateway, rather than to public subnets, as connecting a function to a public subnet does not, by itself, grant internet access or a public IP address. References
- AWS Documentation
- Giving Lambda functions access to resources in an Amazon VPC - AWS Lambda
- Use action groups to define actions for your agent to perform - Amazon Bedrock
- Create a service role for Amazon Bedrock Agents - Amazon Bedrock
- Configure Lambda functions to send information that an Amazon Bedrock agent elicits from the user - Amazon Bedrock
- Add an action group to your agent in Amazon Bedrock - Amazon Bedrock
- Automate tasks in your application using AI agents - Amazon Bedrock
- AWS Command Line Interface (CLI) Documentation
- list-agents
- list-agent-action-groups
- get-agent-action-group
- get-function-configuration
- update-function-configuration