Rule: Lambda functions should be configured with a dead-letter queue

Ensure Lambda functions have a dead-letter queue configured for better error handling.

Rule: Lambda functions should be configured with a dead-letter queue
Framework: FedRAMP Low Revision 4
Severity: Medium

Rule Description

To comply with FedRAMP Low Revision 4, Lambda functions should be configured with a dead-letter queue. A dead-letter queue acts as a safety net for failed executions of Lambda functions, allowing you to troubleshoot and analyze the causes of those failures.

Troubleshooting Steps

  1. Check if the Lambda function is failing to execute properly.
  2. Verify that the function is not throwing any unhandled exceptions or errors.
  3. Ensure that the function has the necessary permissions to access the dead-letter queue.
  4. Verify that the dead-letter queue has been properly configured and is accessible.

Necessary Codes

No specific code is required to comply with this rule, as it involves configuration settings and permissions for Lambda functions.

Remediation Steps

Follow the step-by-step guide below to configure a dead-letter queue for a Lambda function:

  1. Open the AWS Management Console and go to the AWS Lambda service.
  2. Select the Lambda function for which you want to configure a dead-letter queue.
  3. In the configuration section of the function, locate the "Dead Letter Queue" option and click on "Edit".
  4. Choose an existing SQS queue or create a new one to be used as the dead-letter queue.
  5. Ensure that the required permissions are set for the Lambda function to access the dead-letter queue.
  6. Save the changes to the Lambda function configuration.

CLI Command for Remediation

If you prefer to use the AWS Command Line Interface (CLI) for the remediation steps, you can use the following command:

aws lambda update-function-configuration --function-name <function-name> --dead-letter-config TargetArn=<dead-letter-queue-arn>

Replace <function-name> with the name or ARN of the Lambda function you want to configure and <dead-letter-queue-arn> with the ARN of the dead-letter queue.

Once executed, the command will update the configuration of the Lambda function to use the specified dead-letter queue.

Note: Ensure that you have the necessary permissions to perform the required actions using the AWS CLI.
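
The check and the permission step above can be scripted. This is an added example, not Cloud Defense's code: it audits a constructed sample shaped like `aws lambda list-functions` output, builds the execution-role policy for the queue, and renders the command shown above. It also accepts SNS topic ARNs, which goes beyond the SQS case on this page; the function names, account ID and ARNs are made up.

```python
import json
import shlex

# Constructed sample shaped like `aws lambda list-functions` output.
SAMPLE = json.loads("""
{"Functions": [
  {"FunctionName": "orders-ingest",
   "DeadLetterConfig": {"TargetArn": "arn:aws:sqs:us-east-1:111122223333:orders-dlq"}},
  {"FunctionName": "thumbnailer"},
  {"FunctionName": "nightly-report", "DeadLetterConfig": {}}
]}
""")

# IAM action the execution role needs, keyed by the service field of the target ARN.
DLQ_ACTIONS = {"sqs": "sqs:SendMessage", "sns": "sns:Publish"}

def dlq_target(fn):
    """Return the function's dead-letter target ARN, or None if absent or empty."""
    return (fn.get("DeadLetterConfig") or {}).get("TargetArn") or None

def audit(listing):
    """Return (compliant, non_compliant) lists of function names."""
    ok, missing = [], []
    for fn in listing.get("Functions", []):
        (ok if dlq_target(fn) else missing).append(fn["FunctionName"])
    return ok, missing

def send_policy(target_arn):
    """Least-privilege policy letting the execution role write to one DLQ target."""
    parts = target_arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] not in DLQ_ACTIONS:
        raise ValueError(f"not an SQS or SNS ARN: {target_arn!r}")
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow",
                           "Action": DLQ_ACTIONS[parts[2]],
                           "Resource": target_arn}]}

def remediation_command(function_name, target_arn):
    """Render the page's CLI command with shell-safe quoting."""
    return ("aws lambda update-function-configuration"
            f" --function-name {shlex.quote(function_name)}"
            f" --dead-letter-config TargetArn={shlex.quote(target_arn)}")

if __name__ == "__main__":
    compliant, non_compliant = audit(SAMPLE)
    print("missing DLQ:", non_compliant)
    dlq = "arn:aws:sqs:us-east-1:111122223333:lambda-dlq"  # constructed ARN
    print(json.dumps(send_policy(dlq), indent=2))
    for name in non_compliant:
        print(remediation_command(name, dlq))
```

To audit a real account, load the JSON from `aws lambda list-functions` instead of `SAMPLE`.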
