Rule: Lambda functions should use latest runtimes

Ensure Lambda functions comply with using the latest runtimes.

Rule: Lambda functions should use latest runtimes
Framework: AWS Foundational Security Best Practices
Severity: Medium

Rule Description

The rule requires all Lambda functions in AWS to use the latest runtimes available to comply with the AWS Foundational Security Best Practices.

AWS Lambda is a serverless compute service that lets you run your code without provisioning or managing servers. By using the latest runtimes, you ensure that your Lambda functions benefit from the latest security enhancements, bug fixes, and performance improvements.

Troubleshooting Steps

If your Lambda functions are not using the latest runtimes, you might encounter compatibility issues, security vulnerabilities, or miss out on potential optimizations. To troubleshoot this, follow these steps:

  1. Review the Lambda functions: Identify the Lambda functions that need to be updated to use the latest runtimes.
  2. Identify the outdated runtimes: Check the current runtimes being used by the identified functions.
  3. Verify runtime availability: Confirm if there are newer runtimes available for the identified functions.
  4. Check runtime compatibility: Ensure that the newer runtimes are compatible with the code and dependencies used by the Lambda functions.
  5. Test function compatibility: Create a test environment and run your Lambda functions with the updated runtime to verify compatibility and functionality.

If any issues arise during the troubleshooting process, consider the following:

  • Compatibility issues between the code and the new runtime version may require code modifications.
  • Some language runtime versions may have deprecated specific features or functions, requiring code refactoring or updates.
  • Certain dependencies may not be compatible with the new runtime version. Consider updating or modifying the dependencies accordingly.

Required Code

Updating the runtime of a Lambda function means modifying the function's configuration, which can be done using the AWS Command Line Interface (CLI) or AWS SDKs. The AWS CLI commands below show the form of the command for each language; set --runtime to the identifier of the runtime you are moving to:

Python

aws lambda update-function-configuration \
    --function-name <lambda-function-name> \
    --runtime python3.8

Replace <lambda-function-name> with the actual name of your Lambda function.

Node.js

aws lambda update-function-configuration \
    --function-name <lambda-function-name> \
    --runtime nodejs14.x

Replace <lambda-function-name> with the actual name of your Lambda function.

Java

aws lambda update-function-configuration \
    --function-name <lambda-function-name> \
    --runtime java11

Replace <lambda-function-name> with the actual name of your Lambda function.

.NET Core

aws lambda update-function-configuration \
    --function-name <lambda-function-name> \
    --runtime dotnetcore3.1

Replace <lambda-function-name> with the actual name of your Lambda function.

Go

aws lambda update-function-configuration \
    --function-name <lambda-function-name> \
    --runtime go1.x

Replace <lambda-function-name> with the actual name of your Lambda function.

Step-by-Step Guide for Remediation

Follow these steps to remediate the rule and ensure that your Lambda functions use the latest runtimes:

  1. Identify the Lambda functions: Determine which Lambda functions need to be updated to use the latest runtimes. Review their purpose and potential runtime compatibility issues.
  2. Check current runtime: Use the AWS Management Console, AWS CLI, or AWS SDKs to verify the current runtime version of each Lambda function.
  3. Verify runtime availability: Visit the AWS documentation or Lambda runtime release notes to validate if there are newer runtimes available for the Lambda functions.
  4. Plan code modifications if necessary: If the new runtime differs significantly from the current one, assess the potential impact on your code. Document and plan for any required code modifications or refactorings.
  5. Test runtime compatibility: Create a test environment or utilize AWS Lambda's Blue/Green deployment strategy to deploy a new version of your Lambda function with the latest runtime. Test its compatibility with your code and dependencies to ensure proper functionality.
  6. Update Lambda functions: Once compatibility is verified, update each Lambda function to use the latest runtime using the appropriate AWS CLI command mentioned above for your programming language.
  7. Validate the update: Confirm that the runtime has been successfully updated by reviewing the Lambda function's configuration through the AWS Management Console or by using the AWS CLI command aws lambda get-function-configuration --function-name <lambda-function-name>.
  8. Repeat for all Lambda functions: Iterate through each Lambda function that needs an update, ensuring that all are using the latest runtimes.

By following these steps, you can ensure that your Lambda functions are using the latest runtimes and benefiting from the latest security enhancements, bug fixes, and performance improvements recommended by the AWS Foundational Security Best Practices.
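The identification and runtime-check steps in both procedures above can be scripted; the following is an added example, not code from this page or from AWS, that reads function-name/runtime pairs in the shape `aws lambda list-functions` prints and flags every function whose runtime is not on an allow-list. The allow-list contents, the sample inventory, the function names and the helper names `flag_noncompliant` and `count_noncompliant` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag Lambda functions whose runtime is not on an allow-list.
# ASSUMPTION: APPROVED_RUNTIMES is a list you maintain from the AWS Lambda
# runtimes documentation; the default below is only a sample.
APPROVED_RUNTIMES="${APPROVED_RUNTIMES:-python3.12 nodejs20.x java21}"

# Constructed sample inventory ("<function-name>\t<runtime>" per line), in the
# shape printed by:
#   aws lambda list-functions \
#     --query 'Functions[].[FunctionName,Runtime]' --output text
# Function names are hypothetical. Container-image functions have no Runtime
# attribute, which the CLI's text output renders as "None".
SAMPLE_INVENTORY=$(printf '%s\t%s\n' \
  orders-api python3.8 \
  thumbnailer nodejs20.x \
  billing-export java11 \
  ml-inference None)

# Reads inventory lines on stdin; prints tab-separated findings:
#   NONCOMPLIANT <name> <runtime>   runtime is not on the allow-list
#   SKIP <name> container-image     no managed runtime to compare
flag_noncompliant() {
  awk -F'\t' -v approved="$APPROVED_RUNTIMES" '
    BEGIN { n = split(approved, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF < 2 || $1 == "" { next }                  # ignore blank/malformed lines
    $2 == "None" { print "SKIP\t" $1 "\tcontainer-image"; next }
    !($2 in ok)  { print "NONCOMPLIANT\t" $1 "\t" $2 }
  '
}

# Prints the number of NONCOMPLIANT findings for the inventory on stdin.
count_noncompliant() {
  flag_noncompliant | awk '$1 == "NONCOMPLIANT" { c++ } END { print c + 0 }'
}

if [ "${1:-}" = "--live" ]; then
  # Audit the account/region the AWS CLI is currently configured for.
  aws lambda list-functions \
    --query 'Functions[].[FunctionName,Runtime]' --output text | flag_noncompliant
else
  # Default: run against the constructed sample so the script works offline.
  printf '%s\n' "$SAMPLE_INVENTORY" | flag_noncompliant
fi
```

Functions reported as SKIP are packaged as container images, so their language runtime comes from the image and has to be reviewed there rather than through --runtime.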
