Rule: Lambda functions should use latest runtimes

Ensure Lambda functions comply with using the latest runtimes.

Rule	Lambda functions should use latest runtimes
Framework	AWS Foundational Security Best Practices
Severity	✔ Medium

Rule Description

AWS recommends using the latest runtimes for Lambda functions to ensure the best security practices are in place. Keeping the runtimes up to date is important as new versions often include security patches and bug fixes, reducing the risk of vulnerabilities.

Troubleshooting Steps

1.
Identify the current runtime version of the Lambda function by accessing the AWS Management Console or using AWS Command Line Interface (CLI) commands.

2.
Check the AWS Lambda runtime release notes to determine the latest available version.

3.
Compare the current runtime version with the latest version to identify any discrepancies.

4.
Verify if the function's compatibility and dependencies allow for an upgrade to the latest runtime version.

5.
Identify any potential impacts on the function's functionality or third-party integrations by consulting the documentation or reaching out to the relevant parties.

6.
Analyze the lambda handler code and ensure compatibility with the latest runtime version.

Necessary Codes

There are no specific codes required as part of this rule. However, the following example demonstrates how to update the function's runtime version using the AWS CLI.

Step-by-Step Guide for Remediation

1.

Open the AWS Management Console or access the AWS CLI.

2.
Identify the name of the Lambda function that needs its runtime upgraded.
- AWS Management Console: Navigate to the Lambda service and select the desired function from the list.
- AWS CLI: Execute the following command, replacing
  function-name
  with the actual name of the Lambda function:
  aws lambda get-function --function-name function-name

3.

Once you have identified the current runtime version, check the AWS Lambda runtime release notes to determine the latest available version: https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html

4.

Verify if the function's compatibility and dependencies allow for an upgrade to the latest runtime version.

5.
Update the runtime version with the following command:
- AWS Management Console: Navigate to the Lambda service, select the function, and update the
  Runtime
  configuration to the latest version.
- AWS CLI: Execute the following command, replacing
  function-name
  and
  runtime-version
  with the actual function name and latest runtime version:
  aws lambda update-function-configuration --function-name function-name --runtime runtime-version

6.

Observe any impact on the function's functionality after the runtime version is updated. Test and verify that all desired behaviors are still functioning as expected.

7.

Monitor the function's logs and metrics to ensure there are no new errors or abnormalities caused by the runtime upgrade.

8.

Repeat the above steps periodically to ensure the Lambda function is always using the latest runtime version.

By following these steps and keeping your Lambda function's runtime up to date, you can adhere to AWS's Foundational Security Best Practices and maintain a secure serverless environment.

Rule: Lambda functions should use latest runtimes

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Step-by-Step Guide for Remediation

Is your System Free of Underlying Vulnerabilities? Find Out Now

Step-by-Step Guide for Remediation

Is your System Free of Underlying Vulnerabilities?
Find Out Now