Rule: Lambda functions should restrict public access

This rule ensures that Lambda functions do not allow public access, which strengthens their security.

Rule: Lambda functions should restrict public access
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: Critical

Rule Description

This rule aims to ensure that AWS Lambda functions adhere to the NIST Cybersecurity Framework (CSF) v1 by restricting public access. By implementing this rule, Lambda functions will be prevented from being accessible by the general public, reducing the risk of unauthorized access, data breaches, and potential security vulnerabilities.

Troubleshooting Steps

If any issues arise while implementing this rule, the following troubleshooting steps can be followed:

  1. Error: "Lambda function remains publicly accessible."

    • Issue: The Lambda function's access permissions have not been properly configured to restrict public access.
    • Solution: Review the Lambda function's configuration settings and update the access permissions to restrict public access.

  2. Error: "Unable to invoke Lambda function after restricting public access."

    • Issue: The Lambda function's access permissions may have been overly restricted, preventing authorized users or services from invoking the function.
    • Solution: Review the Lambda function's configuration settings and ensure that the appropriate permissions are granted to authorized entities to invoke the function.

Necessary Codes

There are no specific codes required to enforce this rule.

Step-by-Step Guide for Remediation

To remediate and enforce the restriction of public access for NIST CSF v1 compliance for AWS Lambda functions, follow the steps below:

  1. Access the AWS Management Console

    • Open a web browser and navigate to the AWS Management Console (https://console.aws.amazon.com).

  2. Navigate to Lambda service

    • In the AWS Management Console, search for "Lambda" in the search bar or find and click on the "Lambda" service from the list of available services.

  3. Select the Lambda function

    • From the Lambda functions list, select the Lambda function for which you want to restrict public access.

  4. Configure function's access permissions

    • Click on the "Permissions" tab in the Lambda function's dashboard.

  5. Review existing permissions

    • Examine the existing access permissions configured for the Lambda function.
    • Ensure that there are no overly permissive access policies that grant public access.

  6. Modify the function's access configuration

    • If any public access permissions are found, proceed to modify the access configuration.
    • Click on "Add Permission" or "Edit" to modify the existing permission's settings.

  7. Restrict public access

    • In the "Choose a type of permission" section, select the appropriate permission type, such as "AWS Service" (for internal service access) or "AWS Account" (for specific AWS accounts).
    • Provide the necessary details for the selected permission type, such as the service or AWS account ID.

  8. Save the access configuration

    • After setting the appropriate access permissions, click on "Save" to apply the changes.

  9. Test the function's access restrictions

    • Verify that the Lambda function is no longer accessible to the public.
    • Attempt to access the function using different methods (HTTP requests, API invocations) to ensure the access restrictions are working as intended.

  10. Regularly review and update access permissions

    • It is important to periodically review and update the Lambda function's access permissions to ensure ongoing compliance with NIST CSF v1 and other applicable security best practices.
    • Remove any unnecessary or excessive permissions to maintain a secure configuration.

By following these steps, you will successfully restrict public access for NIST Cybersecurity Framework (CSF) v1 compliance for AWS Lambda functions.
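
The permission review in steps 5 to 7 comes down to reading the function's resource-based policy. As an added example (not part of the original page or of any vendor tooling), this Python check flags Allow statements whose principal is a wildcard and that no positive condition narrows. The `SCOPING_KEYS` list, the function names and the sample policy are assumptions constructed for illustration.

```python
import json

# Condition keys treated as pinning the caller (assumed list for this example).
SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount", "aws:principalorgid",
                "aws:principalaccount", "aws:principalarn"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard_principal(principal):
    """True for "Principal": "*" and for {"AWS": "*"}."""
    return principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))

def _is_scoped(condition):
    """True if a positive condition test restricts one of SCOPING_KEYS."""
    for operator, tests in (condition or {}).items():
        op = operator.lower()
        if "not" in op or op == "null" or op.endswith("ifexists"):
            continue  # negated, presence-only or optional tests do not pin the caller
        for key, values in tests.items():
            if key.lower() in SCOPING_KEYS and "*" not in _as_list(values):
                return True
    return False

def public_statements(policy_json):
    """Return the Sid of every Allow statement open to any principal."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        if (stmt.get("Effect") == "Allow"
                and _is_wildcard_principal(stmt.get("Principal"))
                and not _is_scoped(stmt.get("Condition"))):
            findings.append(stmt.get("Sid", f"statement-{index}"))
    return findings

# Constructed sample policy; account, organization and function names are placeholders.
FN = "arn:aws:lambda:us-east-1:111122223333:function:example-fn"
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicInvoke", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunction", "Resource": FN},
    {"Sid": "OrgOnly", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunction", "Resource": FN,
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
    {"Sid": "NegatedTest", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "lambda:InvokeFunction", "Resource": FN,
     "Condition": {"StringNotEquals": {"aws:SourceAccount": "111122223333"}}},
]})
print(public_statements(SAMPLE_POLICY))
```

The input is the `Policy` string that `aws lambda get-policy` returns for a function, so the same check can run across an account as part of the periodic review in step 10.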
