Amazon Lambda

📘 Exposing Lambda functions to the public can create significant security risks, including unauthorized access and data leaks. It is essential to implement strict access controls to protect sensitive functions and data.

  • Section: Public Exposure
  • Severity: Critical
  • CWE: CWE-653 Insufficient Compartmentalization
  • Assurance Scope: PCI, NIST, GDPR
  • Threat Modeling Principal: Information Disclosure
  • Rule Set: Threat Modeling - Cloud Configuration Check

📘 Granting Lambda functions administrative privileges can lead to excessive access rights, increasing the risk of security breaches. Adhering to the principle of least privilege is crucial to maintain tight security controls.

  • Section: Compute
  • Severity: High
  • CWE: CWE-284 Improper Access Control
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure
  • Rule Set: Threat Modeling - Cloud Configuration Check

📘 Not enabling tracing for AWS Lambda functions can result in insufficient visibility and control over function execution, hindering effective monitoring and troubleshooting capabilities.

  • Section: Compute
  • Severity: Medium
  • CWE: CWE-778 Insufficient Logging
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Tampering, Repudiation, Availability
  • Rule Set: Threat Modeling - Cloud Configuration Check

📘 Ensuring appropriate network access and isolation for Lambda functions is essential to maintain security and prevent unauthorized access. Careful configuration of network settings helps to safeguard sensitive data and functions.

  • Section: Compute
  • Severity: Medium
  • CWE: CWE-284 Improper Access Control
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure
  • Rule Set: Threat Modeling - Cloud Configuration Check

📘 Public exposure of AWS Lambda Functions can lead to critical security vulnerabilities. It's vital to configure Lambda functions with appropriate access controls to prevent unauthorized access and potential data breaches.

  • Section: Compute
  • Severity: High
  • CWE: CWE-653 Insufficient Compartmentalization
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure
  • Rule Set: Rapticore Benchmark
