Identify any publicly accessible Amazon Lambda functions and update their access policies to block invocation requests from unauthorized users.
This rule can help you with the following compliance standards:
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Allowing anonymous users to invoke your Amazon Lambda functions is considered a bad practice and can lead to data exposure, data loss, and unexpected charges on your AWS bill. To prevent any unauthorized invocation requests to your Lambda functions, restrict access only to trusted entities by implementing the appropriate permissions policies.
To identify any exposed Amazon Lambda functions currently available within your AWS cloud account, perform the following operations:
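As an added example (not Conformity's own audit procedure or code), the check can be run offline against a function's resource-based policy, which `aws lambda get-policy` returns as a JSON string. The sample policy, its account ID, organization ID and ARN, and the "exposed"/"review" verdict names are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

INVOKE_ACTIONS = ("lambda:invokefunction", "lambda:invokefunctionurl")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    # "Principal": "*" and {"AWS": "*"} both match any caller.
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def _grants_invoke(actions):
    # IAM action names are case-insensitive and may contain * and ? wildcards.
    patterns = [a.lower() for a in _as_list(actions)]
    return any(fnmatchcase(t, p) for t in INVOKE_ACTIONS for p in patterns)

def audit_policy(policy_json):
    """Return [(sid, verdict)] for Allow statements open to any principal."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_wildcard(stmt.get("Principal")):
            continue
        if not _grants_invoke(stmt.get("Action", [])):
            continue
        # No Condition: anyone can invoke. With a Condition: a person must read it.
        verdict = "review" if stmt.get("Condition") else "exposed"
        findings.append((stmt.get("Sid", "<no Sid>"), verdict))
    return findings

# Constructed sample policy (placeholder account ID, org ID and ARN).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "public-invoke", "Effect": "Allow", "Principal": "*",
         "Action": "lambda:InvokeFunction",
         "Resource": "arn:aws:lambda:us-east-1:123456789012:function:example"},
        {"Sid": "org-only", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "lambda:Invoke*",
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
        {"Sid": "s3-trigger", "Effect": "Allow",
         "Principal": {"Service": "s3.amazonaws.com"},
         "Action": "lambda:InvokeFunction",
         "Condition": {"StringEquals": {"aws:SourceAccount": "123456789012"}}},
    ],
})
```

A "review" verdict is not a pass: a Condition such as `lambda:FunctionUrlAuthType` set to `NONE` does not restrict who can call the function.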
Remediation / Resolution
To update the resource-based policies associated with your Amazon Lambda functions in order to allow function invocation only from trusted entities, perform the following operations:
Check for Exposed Lambda Functions
Risk level: High