AWS Lambda

Best practice rules for AWS Lambda

Trend Micro Cloud One™ – Conformity monitors AWS Lambda with the following rules:

• Enable Code Signing for Lambda Functions

  Ensure that Code Signing is enabled for your Amazon Lambda functions.

• Enable Encryption for Lambda Environment Variables

  Ensure encryption is enabled for the AWS Lambda environment variables that store sensitive information.

• Enable Enhanced Monitoring for Lambda Functions

  Ensure that your Amazon Lambda functions are configured to use enhanced monitoring.

• Function Exposed

  Ensure that your Amazon Lambda functions are not exposed to everyone.

• Lambda Cross Account Access

  Ensure AWS Lambda functions do not allow unknown cross account access via permission policies.

• Lambda Function With Admin Privileges

  Ensure no Lambda function available in your AWS account has admin privileges.

• Lambda Runtime Environment Version

  Ensure that the latest version of the runtime environment is used for your AWS Lambda functions.

• Lambda Tracing Enabled

  Ensure that tracing (i.e. Lambda support for Amazon X-Ray service) is enabled for your AWS Lambda functions.

• Use AWS KMS Customer Master Keys for Lambda Environment Variables Encryption

  Ensure Lambda environment variables are encrypted with KMS Customer Master Keys (CMKs) to gain full control over data encryption and decryption.

• Using An IAM Role For More Than One Lambda Function

  Ensure AWS Lambda functions do not share the same IAM execution role.

• VPC Access for AWS Lambda Functions

  Ensure AWS Lambda functions are configured to access resources in a Virtual Private Cloud (VPC).