Ensure Lambda functions are not publicly exposed

Ensure that your Lambda functions are not publicly exposed by validating their access policy. This will help with protecting the function against unauthorized users that are sending request to invoke these functions. For this reason this is considered a security best practice and should have public access removed. Ensuring this is enabled will help you with PCI-DSS and GDPR compliance.

Audit & Remediation

 

 

  • Select the function under Function name in order to gain access to the individual function.
  • Select the Permissions tab the scroll down to the Resource-based policy section.

 

 

  • If no policy is found, then your function is not public.
  • If you currently do have a policy set, Inside the Lambda function policy box, check the Principal element value. If the Principal element has one of the following values: "*" or { "AWS": "*" } and the function policy is not using any Condition clauses such as 'Condition': {"StringEquals": { "AWS:SourceAccount": "" } } to filter the access, the selected Amazon Lambda function is exposed to anonymous access.

 

 

See all of your AWS Lambda Functions in a single place!

Do you want to see all of your Lambda Functions in once place for all regions and all accounts?
Login to our online demo to see exactly what this looks like.
demo.intelligentdiscovery.io

 

Other Key Features

Inventory

Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

learn more +

Cost & Usage

Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.

learn more +