turbot / steampipe-mod-aws-compliance

Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Powerpipe and Steampipe.
https://hub.steampipe.io/mods/turbot/aws_compliance
Apache License 2.0

Lambda functions should operate in more than one availability zone false positives #609

Closed megaproaktiv closed 1 year ago

megaproaktiv commented 1 year ago

Describe the bug: Rel.2 "Lambda functions should operate in more than one availability zone" also shows functions which are not in a VPC

Steampipe version (steampipe -v): v0.19.3

Plugin version (steampipe plugin list): aws@latest | 0.99.0

To reproduce: Run the dashboard, go to rel.2 http://localhost:9194/aws_well_architected.benchmark.reliability

Expected behavior: Lambdas without a VPC should be skipped

Additional context: Some Lambdas do not have "nil", but an empty VPC config like:

```
aws lambda get-function --function-name funcition
{
    "Configuration": {
        "FunctionName": "Name",
        "FunctionArn": "arn:aws:lambda:eu-central-1:12345678912:function:name",
        "Runtime": "python3.9",
...
        "VpcConfig": {
            "SubnetIds": [],
            "SecurityGroupIds": [],
            "VpcId": ""
        },
```

So steampipe-mod-aws-well-architected/query/lambda.sp, query "lambda_function_multiple_az", should be patched:

+++ b/query/lambda.sp
@@ -50,7 +50,7 @@ query "lambda_function_multiple_az" {
     select
       arn as resource,
       case
-        when vpc_id is null then 'skip'
+        when vpc_id = '' is not false then 'skip'
         else case
           when
           (
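Review bot: the replacement predicate `when vpc_id = '' is not false then 'skip'` is correct for both cases (it is true when vpc_id is '' and, because `NULL IS NOT FALSE` evaluates to true, when vpc_id is NULL), but it reads as a trick and the next maintainer will have to work that out; `when vpc_id is null or vpc_id = '' then 'skip'` or `when coalesce(vpc_id, '') = '' then 'skip'` states the intent directly with the same behaviour. The `+++ b/` header is also missing its `--- a/` counterpart, so the hunk will not apply with `git apply` as pasted.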
rajlearner17 commented 1 year ago

@megaproaktiv, I appreciate your feedback.

Considering this control in the AWS Well-Architected mod uses the AWS compliance mod internally to re-use the controls, I have moved the issue here. We are actively checking it. Ref

rajlearner17 commented 1 year ago

@megaproaktiv, we replicated this case; just keeping some content here to benefit in future:

Steampipe response

```
> select name, vpc_id from aws_lambda_function
+--------------------------------+-----------------------+
| name                           | vpc_id                |
+--------------------------------+-----------------------+
| rk-delete-me-15-apr-with-vpc-1 | vpc-0497ad818556d7a42 |
| rk-delete-me-15-apr            | <null>                |
| rk-delete-me-15-apr-with-vpc   |                       |
+--------------------------------+-----------------------+
>
```

We have raised a PR for this here; also, we are fixing the same in the Well-Architected mod and in another query, lambda_function_in_vpc. Thanks for catching it; let us know if you have other observations.
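To make the false positive reproducible without an AWS account, here is an added example (not code from the issue, the mod or the Steampipe project) that runs the control's skip predicate over the three rows shown above in an in-memory SQLite table. Names and the `classify`/`false_positives` helpers are constructed for the example; `IS NOT FALSE` needs SQLite 3.23 or later, which Python's bundled module provides.

```python
import sqlite3

# Constructed sample mirroring the three cases in the Steampipe output above:
# a function attached to a VPC, one whose vpc_id is NULL, and one whose
# VpcConfig is present but empty (vpc_id = '').
SAMPLE_FUNCTIONS = [
    ("with-vpc", "vpc-0497ad818556d7a42"),
    ("no-vpc-null", None),
    ("no-vpc-empty", ""),
]

# Skip predicate as it was in the mod's query: only NULL means "not in a VPC".
ORIGINAL_SKIP = "vpc_id is null"
# Predicate proposed in the issue: true for '' and, since NULL IS NOT FALSE
# evaluates to true, for NULL as well.
PROPOSED_SKIP = "vpc_id = '' is not false"
# Same behaviour, written so the intent is obvious.
READABLE_SKIP = "vpc_id is null or vpc_id = ''"


def classify(skip_predicate: str, rows=SAMPLE_FUNCTIONS) -> dict:
    """Run the control's CASE over an in-memory aws_lambda_function table and
    return {name: status}. Only the skip branch is under test here, so every
    row that is not skipped is reported as 'evaluated' (the real query then
    goes on to count subnets across availability zones)."""
    con = sqlite3.connect(":memory:")
    con.execute("create table aws_lambda_function (name text, vpc_id text)")
    con.executemany("insert into aws_lambda_function values (?, ?)", rows)
    sql = f"""
        select name,
               case when {skip_predicate} then 'skip' else 'evaluated' end
        from aws_lambda_function
    """
    return dict(con.execute(sql).fetchall())


def false_positives(skip_predicate: str) -> list:
    """Functions with no VPC attachment that the predicate still evaluates."""
    statuses = classify(skip_predicate)
    return [n for n, v in SAMPLE_FUNCTIONS if not v and statuses[n] != "skip"]


if __name__ == "__main__":
    for label, pred in (("original", ORIGINAL_SKIP),
                        ("proposed", PROPOSED_SKIP),
                        ("readable", READABLE_SKIP)):
        print(f"{label:8} {classify(pred)} false positives: {false_positives(pred)}")
```

Running it shows the original predicate evaluating the empty-VpcConfig function (the reported false positive) while both corrected predicates skip it and still evaluate the function that really is in a VPC.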