Ensure that all Amazon Lambda function environment variables that store sensitive information such as passwords, tokens and access keys are encrypted in order to meet security and compliance requirements. The environment variables defined for your Lambda functions are key-value pairs that are used to store configuration settings without the need to change function code. By default, all Lambda environment variables with the key (name) set to "pass", "password", "*token*" (i.e. any key that has "token" string in it), "api", "API", "Key", "KEY", "key" are encrypted. You can also set your own environment variables names within the rule settings on your Trend Micro Cloud One™ – Conformity account console.
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
When dealing with Lambda function environment variables that hold sensitive and critical data, it is highly recommended to implement encryption in order to protect the data that you dynamically pass to your functions (usually access information) from unauthorized access.
To determine if the environment variables that pass sensitive information to your Amazon Lambda functions are encrypted in transit, perform the following operations:
Remediation / Resolution
To enable encryption in transit for the environment variables that pass sensitive information to your Amazon Lambda functions, perform the following operations:Note: Enabling encryption in transit for Lambda function environment variables using the AWS Command Line Interface (AWS CLI) is not currently supported.
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Enable Encryption in Transit for Environment Variables
Risk level: High