Ensure Compliance with Rule: Lambda functions restrict public access

Implement restrictions to secure Lambda functions and prevent public access.

Rule: Lambda functions should restrict public access
Framework: NIST 800-171 Revision 2
Severity: Critical

Rule Description:

This rule checks that Lambda functions hosted in AWS do not allow public access, in line with the guidelines of the NIST 800-171 Revision 2 security framework. Public access to a Lambda function is a significant security risk: it can expose sensitive data or allow unauthorized access to the function's functionality.

Troubleshooting Steps:

If public access is found for Lambda functions, follow these troubleshooting steps:

  1. Identify the Lambda functions that have public access.
  2. Determine the potential security impact of having public access for these functions.
  3. Analyze the existing permissions and access controls associated with the Lambda functions.
  4. Review each Lambda function's configuration and associated resources for any misconfigurations.
  5. Identify any external triggers or event sources that could allow public access.
  6. Confirm that the Lambda functions do not have public access, as required by the NIST 800-171 Revision 2 guidelines.

Remediation Steps:

To remediate the issue of Lambda functions having public access, follow these steps:

  1. Identify the Lambda functions that need to be updated to restrict public access.
  2. Open the AWS Management Console or use the AWS CLI to access the Lambda service.
  3. Select the Lambda function that needs to be updated.
  4. Click on the "Configuration" tab.
  5. Scroll down to the "Permissions" section and click on the "Edit" button.
  6. Review the existing permissions and ensure that public access is not granted.
  7. Remove any unnecessary permissions or access levels that could potentially allow public access.
  8. Check for any misconfigurations in triggers or event sources and update them accordingly.
  9. Save the changes and verify that public access has been restricted.
  10. Repeat these steps for all identified Lambda functions that need to be secured.

Necessary Code:

There is no specific code provided for this policy. The remediation steps involve modifying the Lambda function's configuration and permissions via the AWS Management Console or CLI.

However, you can use the AWS CLI to automate the process for multiple Lambda functions. Here is an example command that can help you revoke public access for a Lambda function:

aws lambda remove-permission --function-name <lambda-function-name> --statement-id <statement-id>

Replace <lambda-function-name> with the actual name of the Lambda function and <statement-id> with the unique statement ID associated with the public access permission statement.

Note: Ensure that you have the necessary permissions to make changes to the Lambda functions.
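
One way to find the statement IDs that the remove-permission command needs, shown as an added example that is not part of the original page: it parses the output of `aws lambda get-policy` and reports Allow statements whose principal is a wildcard and that no scoping condition narrows. The list of narrowing condition keys, the sample policy, the account ID and the function name `example-fn` are constructed assumptions.

```python
import json

# Condition keys treated as scoping "*" to known callers (this example's assumption).
NARROWING_KEYS = {"aws:sourcearn", "aws:sourceaccount",
                  "aws:principalorgid", "aws:principalaccount"}

def is_wildcard(principal):
    """True if the Principal element matches any caller ("*" or {"AWS": "*"})."""
    if isinstance(principal, dict):
        return any("*" in (v if isinstance(v, list) else [v])
                   for v in principal.values())
    return principal == "*"

def is_narrowed(condition):
    """True if any condition operator tests one of NARROWING_KEYS."""
    return any(key.lower() in NARROWING_KEYS
               for operands in (condition or {}).values() for key in operands)

def public_statement_ids(get_policy_output):
    """Return the Sids of Allow statements that grant public access."""
    # get-policy returns the policy document as a JSON string inside JSON.
    policy = json.loads(json.loads(get_policy_output)["Policy"])
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may not be wrapped in a list
        statements = [statements]
    return [s.get("Sid", "<no-sid>") for s in statements
            if s.get("Effect") == "Allow"
            and is_wildcard(s.get("Principal"))
            and not is_narrowed(s.get("Condition"))]

# Constructed sample in the shape `aws lambda get-policy` returns.
ARN = "arn:aws:lambda:us-east-1:111122223333:function:example-fn"
SAMPLE = json.dumps({"Policy": json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "open-invoke", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "lambda:InvokeFunction", "Resource": ARN},
    {"Sid": "url-public", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunctionUrl", "Resource": ARN,
     "Condition": {"StringEquals": {"lambda:FunctionUrlAuthType": "NONE"}}},
    {"Sid": "org-only", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunction", "Resource": ARN,
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorg"}}},
    {"Sid": "s3-trigger", "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
     "Action": "lambda:InvokeFunction", "Resource": ARN,
     "Condition": {"StringEquals": {"AWS:SourceAccount": "111122223333"}}},
]})})

if __name__ == "__main__":
    for sid in public_statement_ids(SAMPLE):
        print(f"aws lambda remove-permission --function-name example-fn --statement-id {sid}")
```

The check only looks at which condition keys are present, not at their values, so review each flagged and each passed statement before revoking or accepting it.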

Conclusion:

By adhering to the rule of restricting public access for Lambda functions as per the NIST 800-171 Revision 2 guidelines, you can enhance the security posture of your AWS environment. Regularly monitoring and enforcing this policy will mitigate the risk of unauthorized access to Lambda functions and protect sensitive data stored within them.
