
Rule: Lambda functions should restrict public access

Ensure Lambda functions are secure by restricting public access

Rule: Lambda functions should restrict public access
Framework: NIST 800-53 Revision 5
Severity: Critical

Rule Description:

Lambda functions should have restricted public access to ensure compliance with NIST 800-53 Revision 5, which is a comprehensive security framework for federal information systems and organizations. This rule ensures that Lambda functions are not inadvertently accessible to the public, reducing the potential for unauthorized access and data breaches.

Troubleshooting Steps:

  1. Check Lambda function permissions: Verify the current access permissions for the Lambda function.
  2. Review the AWS resource policies: Check if there are any resource-based policies associated with the Lambda function that allow public access.
  3. Review the associated VPC configuration: If the Lambda function is associated with a VPC, ensure that proper security groups and network access control lists (ACLs) are in place.
  4. Check for any exposed API Gateway endpoints: Ensure that the API Gateway endpoints associated with the Lambda function do not have public access enabled.
  5. Review CloudFormation templates and Infrastructure as Code (IaC) scripts: Check if there are any misconfigurations in the CloudFormation templates or IaC scripts that allow public access.

Necessary Codes (if applicable):

This rule has no specific code to implement. However, you may need to modify the existing Lambda function's resource-based policy or configuration to restrict public access where it is currently allowed.

Step-by-Step Guide for Remediation:

  1. Open the AWS Management Console and navigate to the Lambda service.
  2. Select the Lambda function that needs to be reviewed for public access restrictions.
  3. In the "Permissions" tab, review the existing permissions, including the resource-based policies.
  4. If any resource-based policies allow public access, modify the policy to restrict access.
  5. If the Lambda function is associated with a VPC, ensure that the associated security groups and network ACLs only allow necessary inbound and outbound traffic.
  6. If there are API Gateway endpoints associated with the Lambda function, review their configurations to ensure they do not have public access enabled. Modify the API Gateway settings if required.
  7. If the Lambda function is deployed through CloudFormation templates or IaC scripts, review the templates/scripts for any misconfigurations that allow public access. Modify the templates/scripts accordingly.
  8. After making the necessary changes, test the Lambda function to ensure it functions as expected.
  9. Monitor the Lambda function and associated resources periodically to ensure ongoing compliance with the restricted public access policy.
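As an added example (not part of this rule page or any vendor tool), the following Python check automates steps 3 and 4: it parses a Lambda resource-based policy document and reports each Allow statement whose principal is a wildcard and whose conditions do not tie the caller to a known account, ARN or organization. The sample policy, function name and account ID are constructed; in a live check the document would come from the Lambda `GetPolicy` API.

```python
import json

# Condition keys that scope a wildcard principal to a known caller; their
# presence means "*" is not truly public (e.g. S3 or API Gateway in one account).
SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount", "aws:principalorgid"}

def is_wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (also when "*" is in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False

def has_scoping_condition(statement):
    """True if any condition key restricts the caller to an account, ARN or org."""
    for keys in statement.get("Condition", {}).values():
        if any(k.lower() in SCOPING_KEYS for k in keys):
            return True
    return False

def find_public_statements(policy_doc):
    """Return the Sid (or index) of every Allow statement open to any principal."""
    policy = json.loads(policy_doc) if isinstance(policy_doc, str) else policy_doc
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be un-listed
        statements = [statements]
    findings = []
    for i, st in enumerate(statements):
        if (st.get("Effect") == "Allow" and is_wildcard_principal(st.get("Principal"))
                and not has_scoping_condition(st)):
            findings.append(st.get("Sid", f"statement[{i}]"))
    return findings

# Constructed sample of what GetPolicy returns for a function that has a public
# function URL (auth type NONE) plus an API Gateway trigger scoped by SourceArn.
# Live use: boto3.client("lambda").get_policy(FunctionName=...)["Policy"]
FN_ARN = "arn:aws:lambda:us-east-1:111122223333:function:demo"  # constructed
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicUrlInvoke", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunctionUrl", "Resource": FN_ARN,
     "Condition": {"StringEquals": {"lambda:FunctionUrlAuthType": "NONE"}}},
    {"Sid": "ApiGatewayInvoke", "Effect": "Allow",
     "Principal": {"Service": "apigateway.amazonaws.com"},
     "Action": "lambda:InvokeFunction", "Resource": FN_ARN,
     "Condition": {"ArnLike": {"AWS:SourceArn":
         "arn:aws:execute-api:us-east-1:111122223333:a1b2c3d4e5/*"}}}]})
```

Only the `PublicUrlInvoke` statement is reported: the API Gateway statement names a service principal and is pinned to one API's ARN, which is the pattern step 4 leaves in place.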

Note: It is recommended to follow AWS best practices and security guidelines when configuring and securing Lambda functions to align with NIST 800-53 Revision 5 requirements. Regularly review and update the access permissions to meet changing security needs.
