Amazon Lambda

šŸ“˜ Exposing Lambda functions to the public can create significant security risks, including unauthorized access and data leaks. It is essential to implement strict access controls to protect sensitive functions and data.

  • Section: Public Exposure
  • Severity: Critical
  • CWE: CWE-653 Insufficient Compartmentalization
  • Assurance Scope: PCI, NIST, GDPR
  • Threat Modeling Principal: Information Disclosure
  • Rule Set: Threat Modeling - Cloud Configuration Check

šŸ“˜ Granting Lambda functions administrative privileges can lead to excessive access rights, increasing the risk of security breaches. Adhering to the principle of least privilege is crucial to maintain tight security controls.

  • Section: Compute
  • Severity: High
  • CWE: CWE-284 Improper Access Control
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure
  • Rule Set: Threat Modeling - Cloud Configuration Check

šŸ“˜ Not enabling tracing for AWS Lambda functions can result in insufficient visibility and control over function execution, hindering effective monitoring and troubleshooting capabilities.

  • Section: Compute
  • Severity: Medium
  • CWE: CWE-778 Insufficient Logging
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Tampering, Repudiation, Availability
  • Rule Set: Threat Modeling - Cloud Configuration Check

šŸ“˜ Ensuring appropriate network access and isolation for Lambda functions is essential to maintain security and prevent unauthorized access. Careful configuration of network settings helps to safeguard sensitive data and functions.

  • Section: Compute
  • Severity: Medium
  • CWE: CWE-284 Improper Access Control
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure
  • Rule Set: Threat Modeling - Cloud Configuration Check

šŸ“˜ Public exposure of AWS Lambda Functions can lead to critical security vulnerabilities. It's vital to configure Lambda functions with appropriate access controls to prevent unauthorized access and potential data breaches.

  • Section: Compute
  • Severity: High
  • CWE: CWE-653 Insufficient Compartmentalization
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure
  • Rule Set: Rapticore Benchmark

Whatā€™s Next