Rule: Lambda Functions Concurrent Execution Limit Configured
This rule ensures the configured limit for concurrent execution of Lambda functions is in place.
| Rule | Lambda functions concurrent execution limit configured |
| Framework | NIST 800-171 Revision 2 |
| Severity | ✔ Low |
Rule Description
The Lambda function concurrent execution limit is a configuration setting for AWS Lambda, specifically tailored for organizations that need to comply with the NIST 800-171 Revision 2 security requirements. This rule ensures that the number of concurrent executions for Lambda functions adheres to the prescribed limit set by NIST 800-171 Revision 2.
Policy Details
To comply with NIST 800-171 Revision 2, organizations must manage and limit the number of concurrent executions of Lambda functions to prevent any potential security vulnerabilities or performance issues. This limit can be customized based on the specific needs of the organization but should align with the recommendations provided by NIST 800-171 Revision 2.
When the concurrent execution limit is not properly configured, it can lead to various issues such as resource exhaustion, degraded performance, or potential denial-of-service (DoS) attacks. Therefore, it is crucial to ensure that the concurrent execution limit is set correctly for Lambda functions.
Troubleshooting Steps
If you suspect that the concurrent execution limit is not configured correctly for your Lambda functions, follow these troubleshooting steps:
- 1.
Identify the Current Configuration: Firstly, check the current configuration of the concurrent execution limit for your Lambda functions. This can be done using the AWS Management Console or the AWS Command Line Interface (CLI).
- 2.
Review NIST 800-171 Revision 2 Guidelines: Compare the current configuration with the guidelines provided by NIST 800-171 Revision 2 to ensure compliance. Make sure that the concurrent execution limit is within the recommended range specified by NIST 800-171 Revision 2.
- 3.
Analyze Performance and Resource Utilization: Monitor the performance and resource utilization of your Lambda functions during normal operations. If you observe any performance issues, unexpected resource consumption, or potential DoS attacks, it may indicate that the concurrent execution limit is not appropriately set.
- 4.
Adjust the Concurrent Execution Limit: If the current limit is not aligned with the NIST 800-171 Revision 2 guidelines or if performance issues are identified, it may be necessary to adjust the concurrent execution limit for your Lambda functions.
Necessary Codes
The following AWS CLI command can be used to update the concurrent execution limit for a specific Lambda function:
aws lambda put-function-concurrency --function-name <function-name> --reserved-concurrent-executions <concurrency-limit>
Replace
<function-name><concurrency-limit>Remediation Steps
To remediate the concurrent execution limit configuration for Lambda functions, follow these steps:
- 1.
Review NIST 800-171 Revision 2 Guidelines: Understand the concurrent execution limit guidelines provided by NIST 800-171 Revision 2 specific to your organization's requirements.
- 2.
Identify the Lambda Functions: Identify the Lambda functions that require adjustment in their concurrent execution limits based on the guidelines reviewed.
- 3.
Update the Concurrent Execution Limit: Use the provided AWS CLI command or access the AWS Management Console to update the concurrent execution limit for each identified Lambda function. Set the value within the recommended range specified by NIST 800-171 Revision 2.
- 4.
Monitor and Verify: Monitor the performance and resource utilization of the updated Lambda functions to ensure they are operating within the expected limits and complying with the revised configuration.
- 5.
Continuous Monitoring: Regularly review and reassess the concurrent execution limit for Lambda functions to adapt to any changes in workload or evolving security requirements outlined by NIST 800-171 Revision 2.
By following these steps, you can ensure the concurrent execution limit for Lambda functions adheres to the guidelines outlined in NIST 800-171 Revision 2, maintaining compliance and reducing the risk of potential security vulnerabilities or performance issues.