Triage AWS Lambdas should leverage ARM instances ARM_DISABLED

Why should I care about fixing this issue?

Lambda on ARM is substantially cheaper than Lambda on x86. Running on x86, unless necessary, is wasteful spending.

See the AWS Documentation, Migrating AWS Lambda functions to Arm-based AWS Graviton2 processors

What is the data source for this policy?

This policy relies on a call to lambda:GetFunction. If the response contains x86 in the architectures field, then a violation is opened by the policy.
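The check described above can be reproduced offline against GetFunction-shaped responses. This is an added example, not the policy's own code; the function names and sample responses are constructed, and treating a response with no Architectures field as x86_64 is an assumption.

```python
"""Added example: evaluate lambda:GetFunction-shaped responses for ARM_DISABLED."""
from typing import Iterable

VIOLATION = "ARM_DISABLED"   # violation type named on this page
DEFAULT_ARCH = "x86_64"      # default the page states for the architectures setting


def architectures_of(response: dict) -> list[str]:
    """Return the architectures list from a GetFunction response.

    Assumption: a response with no Architectures key is treated as the
    x86_64 default rather than as compliant.
    """
    config = response.get("Configuration") or {}
    archs = config.get("Architectures")
    return list(archs) if archs else [DEFAULT_ARCH]


def is_violation(response: dict) -> bool:
    """True when any listed architecture is an x86 variant."""
    return any(a.lower().startswith("x86") for a in architectures_of(response))


def triage(responses: Iterable[dict]) -> list[dict]:
    """Return one finding per violating function, in input order."""
    findings = []
    for resp in responses:
        if is_violation(resp):
            config = resp.get("Configuration") or {}
            findings.append({
                "violation": VIOLATION,
                "function": config.get("FunctionName", "<unknown>"),
                "architectures": architectures_of(resp),
            })
    return findings


# Constructed sample responses, trimmed to the fields used here.
SAMPLE_RESPONSES = [
    {"Configuration": {"FunctionName": "example-service", "Architectures": ["x86_64"]}},
    {"Configuration": {"FunctionName": "example-arm", "Architectures": ["arm64"]}},
    {"Configuration": {"FunctionName": "example-legacy"}},  # field absent
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_RESPONSES):
        print(finding)
```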

Does this policy scan on a schedule? If so, when?

No, it's triggered when changes to matching resources are detected.

Violations

ARM_DISABLED

How do I enable ARM on Lambda using AWS Console?

While it's possible to set Lambda architecture in the AWS Console, it would be ill-advised unless you're certain that your application is built for execution on ARM.

How do I enable ARM on Lambda using CloudFormation?

AWS::Lambda::Function

Modify your resource definition to set the Architectures property to arm64, similar to the following. Note that the default value of Architectures is x86_64, so you may not find an existing Architectures property.

 Type: AWS::Lambda::Function
Properties:
Architectures:
- - x86_64
+ - arm64

How do I enable ARM on Lambda using Terraform?

aws_lambda_function

Modify your resource definition to set the architectures argument to arm64, similar to the following. Note that the default value of architectures is x86_64, so you may not find an existing architectures argument.

 resource "aws_lambda_function" "example" {
- architectures = ["x86_64"]
+ architectures = ["arm64"]
}

How do I enable ARM on Lambda using AWS CLI?

update-function-code

During your next code deployment, include the --architectures argument, similar to the following.

 aws \
lambda update-function-code \
--function-name example-service \
--s3-bucket example-service-deploy-bucket \
--s3-key /service-artifact.zip \
- --architectures x86_64
+ --architectures arm64
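
Review bot: the --s3-key value /service-artifact.zip on the context line above the change starts with a slash, and S3 treats a leading slash as part of the key name, so this call looks for an object literally named /service-artifact.zip. Drop the slash unless the artifact was uploaded under that exact key. Because the command switches --architectures to arm64 while pointing at the same artifact, also confirm that the zip was built for arm64 before deploying.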

When is it appropriate to mark this violation as "by design"?

See Which architecture should I use for my Lambda?

Which architecture should I use for my Lambda?

In general, you should use arm64 by default, because it's cheaper, unless you have a good reason not to. Good reasons include:

  1. Your application or its dependencies only run on x86_64
  2. The cost savings are insufficient to justify the effort to migrate and validate