Lambda functions can be accessed publicly if the resource-based policy grants permissions to the principal '*'. This can result in unauthorized access to sensitive information or the execution of malicious code on the Lambda function. It is important to ensure that resource-based policies for Lambda functions do not allow public access. For example, if a Lambda function is used to perform sensitive operations or contains confidential information, it is important to restrict access to only the intended users or applications.
Here are the remediation steps to ensure that Lambda function resource-based policy does not allow public access:
- Open the AWS Lambda console.
- Click on the function for which you want to restrict public access.
- Click on the "Permissions" tab.
- Select the "Resource-based policy" option.
- Review the policy statement(s) to identify any that allow public access.
- Modify the policy statement(s) to restrict access to only the necessary resources and actions, and only to authorized entities.
- Test the policy change to verify that the function continues to work as expected.
- Repeat this process for all functions in your account that have a resource-based policy.
- As a best practice, consider using AWS Lambda's built-in IAM roles and policies to manage access to your Lambda functions instead of resource-based policies.
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.