Rule: Lambda Functions Should Restrict Public Access

Ensure Lambda functions restrict public access to enhance security measures.

Rule: Lambda functions should restrict public access
Framework: NIST 800-53 Revision 4
Severity: Critical

Rule Description

Lambda functions in an AWS environment should have public access restricted to comply with the security requirements of NIST 800-53 Revision 4. Lambda functions are serverless compute resources that run code in response to events. Restricting public access to them helps ensure that sensitive data and resources are not exposed to unauthorized individuals or entities.

Troubleshooting Steps (if applicable)

If Lambda functions are found to have public access enabled, follow these steps for troubleshooting:

  1. Identify the Lambda functions with public access:
    • Access the AWS Management Console.
    • Navigate to the Lambda service.
    • Review the functions listed and their associated settings.
  2. Verify that the public access restriction is actually required:
    • Check your organization's security policies and compliance requirements to confirm if public access to Lambda functions is allowed or not.
  3. If public access to Lambda functions is not permitted, proceed with remediation steps.

Remediation Steps

To restrict public access for Lambda functions and comply with NIST 800-53 Revision 4, follow these steps:

  1. Access the AWS Management Console.
  2. Navigate to the Lambda service.
  3. Select the Lambda function for which you want to restrict public access.
  4. Click on the "Configuration" tab for the selected function.
  5. Under the "Permissions" section, review the function's associated permissions. Ensure that there are no public (i.e., unauthenticated) permissions granted.
  6. If there are public permissions present, edit the function's access permissions by following these sub-steps:
    • Click on the "Add Permission" button.
    • Choose the appropriate "Principal" for the permission. It should not be "*" (wildcard) or an unauthenticated user/group.
    • Configure the necessary "Action" and "Resource" settings based on your function's requirements.
    • Optionally, specify a unique "Function name" to make it easier to identify the purpose of the permission.
    • Click on the "Add" or "Save" button to apply the changes.
  7. Repeat steps 5 and 6 for all Lambda functions with public access.

Code Samples (if applicable)

There is no specific code required to restrict public access for Lambda functions. Instead, you need to configure the access permissions using the AWS Management Console as described in the remediation steps.

Additional Notes

  • Be cautious while modifying the access permissions of Lambda functions, as incorrect configurations can lead to functional issues.
  • Regularly review access permissions and audit the security posture of Lambda functions to ensure continuous compliance with NIST 800-53 Revision 4.
