We’re glad to inform you that three new rules have been added to the rules engine to help you secure your AWS Lambda resources through continuous monitoring of your Lambda functions, their invoke permissions and their environment variables. The security dashboard notifies you whenever a misconfiguration or a violation of best practices is found.

Lambda environment variables without encryption enabled

AWS recommends using environment variables to pass configuration to your Lambda function. Because these values often include secrets such as database credentials or API tokens, they must be encrypted. By default, Lambda encrypts environment variables at rest with an AWS managed KMS (Key Management Service) key. For tighter control you can configure a customer managed key (CMK) instead, and for additional protection you can encrypt individual values client-side before deployment and decrypt them in the function code at runtime (what the Lambda console calls encryption in transit), so the plaintext never appears in the function configuration. This new rule examines your cloud environment for Lambda environment variables that are not encrypted with a customer managed key and brings them to your attention.
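The check described above, written out as an added example (this is not the rules engine's own implementation). The function configurations below are constructed sample data in the shape returned by boto3's `list_functions`; the `audit_account` and `decrypt_in_transit_value` helpers assume boto3 is installed and the caller has the corresponding Lambda and KMS permissions, and the `LambdaFunctionName` encryption context mirrors the one the Lambda console's encryption helpers use.

```python
# Added example (not the vendor's rule code): flag Lambda functions whose environment
# variables rely only on the default AWS managed key, and show the runtime decrypt step
# used with client-side ("in transit") encryption.
import base64
from typing import Dict, List, Optional

# Constructed sample in the shape of boto3 lambda.list_functions()["Functions"].
# KMSKeyArn is present only when a customer managed key has been configured.
SAMPLE_FUNCTIONS: List[Dict] = [
    {
        "FunctionName": "orders-api",
        "Environment": {"Variables": {"DB_PASSWORD": "AQICAHh...", "DB_HOST": "db.internal"}},
        "KMSKeyArn": "arn:aws:kms:us-east-1:123456789012:key/11111111-2222-3333-4444-555555555555",
    },
    {
        "FunctionName": "nightly-report",
        "Environment": {"Variables": {"API_TOKEN": "hunter2"}},
        # no KMSKeyArn: encrypted at rest with the AWS managed key aws/lambda only
    },
    {"FunctionName": "health-check"},  # no environment variables at all
]


def check_env_encryption(cfg: Dict) -> Optional[str]:
    """Return a finding for one function configuration, or None when it is compliant.

    Functions with no environment variables have nothing to protect and pass.
    """
    variables = (cfg.get("Environment") or {}).get("Variables") or {}
    if not variables:
        return None
    if not cfg.get("KMSKeyArn"):
        names = ", ".join(sorted(variables))
        return (f"{cfg['FunctionName']}: environment variables ({names}) are not "
                f"encrypted with a customer managed KMS key")
    return None


def audit_functions(functions: List[Dict]) -> List[str]:
    """Run the check over a list of function configurations and collect the findings."""
    findings = []
    for cfg in functions:
        finding = check_env_encryption(cfg)
        if finding:
            findings.append(finding)
    return findings


def audit_account(region: str = "us-east-1") -> List[str]:
    """Same check against a live account (needs boto3 and lambda:ListFunctions)."""
    import boto3  # imported here so the offline part of this file runs without it
    client = boto3.client("lambda", region_name=region)
    functions: List[Dict] = []
    for page in client.get_paginator("list_functions").paginate():
        functions.extend(page["Functions"])
    return audit_functions(functions)


def decrypt_in_transit_value(ciphertext_b64: str, function_name: str) -> str:
    """Decrypt a value that was encrypted client-side before deployment.

    Runs inside the function at invocation time. The encryption context must match the
    one used at encryption time; binding it to the function name means the ciphertext
    cannot simply be copied into another function's environment and decrypted there.
    """
    import boto3
    kms = boto3.client("kms")
    response = kms.decrypt(
        CiphertextBlob=base64.b64decode(ciphertext_b64),
        EncryptionContext={"LambdaFunctionName": function_name},
    )
    return response["Plaintext"].decode("utf-8")


if __name__ == "__main__":
    for line in audit_functions(SAMPLE_FUNCTIONS):
        print(line)
```

Run against the sample data, only `nightly-report` is reported: `orders-api` has a customer managed key configured and `health-check` has no variables to protect. The execution role of a function that decrypts in-transit values needs `kms:Decrypt` on the customer managed key, and nothing else should.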

Public Lambda function without exception

Do not expose your AWS Lambda functions to unauthenticated invocation when you create and configure them. AWS recommends granting the narrowest invoke permissions possible so that nobody can call your function without proper credentials. A function is public when its resource-based policy allows lambda:InvokeFunction (or lambda:InvokeFunctionUrl) for the wildcard principal "*" with no condition that narrows the caller; a condition that only sets the function URL auth type to NONE does not narrow it. This rule checks whether the function's policy permits public invocation and alerts you if it does.

Lambda function without trigger

Lambda functions are invoked by triggers: event sources such as an S3 bucket, an API Gateway route, an SQS queue or an EventBridge rule that call the function when something happens. A function with no trigger is never invoked in normal operation, which usually means it is leftover code that nobody maintains, yet it still carries an execution role and whatever permissions it was granted. This rule identifies Lambda functions that have no configured trigger and reports these orphaned functions to you.
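An added example covering both the public-invocation rule and the missing-trigger rule above (it is not the rules engine's implementation). It evaluates a function's resource-based policy for anonymous invoke grants and lists everything that can trigger the function: event source mappings, service principals in the policy, and a function URL. The policy document and function names below are constructed sample data; `assess_account` assumes boto3 is installed and the caller has read-only Lambda permissions.

```python
# Added example (not the vendor's rule code): public invoke grants and trigger discovery
# for a Lambda function, from the same inputs the Lambda API returns.
import json
from fnmatch import fnmatchcase
from typing import Dict, List, Optional

INVOKE_ACTIONS = ("lambda:InvokeFunction", "lambda:InvokeFunctionUrl")


def _as_list(value) -> List:
    return value if isinstance(value, list) else [value]


def _principals(stmt: Dict) -> List[str]:
    """Flatten Principal into a list: "*", account/role ARNs, service principals."""
    principal = stmt.get("Principal", {})
    if isinstance(principal, dict):
        return [p for values in principal.values() for p in _as_list(values)]
    return _as_list(principal)


def _grants_invoke(stmt: Dict) -> bool:
    """True for Allow statements whose Action pattern covers an invoke action."""
    if stmt.get("Effect") != "Allow":
        return False
    patterns = _as_list(stmt.get("Action", []))
    return any(fnmatchcase(a, pat) for a in INVOKE_ACTIONS for pat in patterns)


def _restricts_caller(condition: Optional[Dict]) -> bool:
    """A Condition narrows the caller unless its only effect is to pin the function URL
    auth type to NONE, which is exactly how a public function URL is expressed."""
    if not condition:
        return False
    for operator_values in condition.values():
        for key, values in operator_values.items():
            if (key.lower() == "lambda:functionurlauthtype"
                    and {str(v).upper() for v in _as_list(values)} == {"NONE"}):
                continue
            return True
    return False


def public_statements(policy_json: Optional[str]) -> List[str]:
    """Sids of statements that let an anonymous caller ("*") invoke the function."""
    if not policy_json:
        return []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    return [s.get("Sid", "<no Sid>") for s in statements
            if _grants_invoke(s) and "*" in _principals(s)
            and not _restricts_caller(s.get("Condition"))]


def find_triggers(policy_json: Optional[str], event_source_mappings: List[Dict],
                  has_function_url: bool) -> List[str]:
    """Everything that can invoke the function on its own."""
    triggers = [f"event source mapping: {m['EventSourceArn']}" for m in event_source_mappings]
    if policy_json:
        for s in _as_list(json.loads(policy_json).get("Statement", [])):
            if _grants_invoke(s):
                triggers += [f"service principal: {p}" for p in _principals(s)
                             if p.endswith(".amazonaws.com")]
    if has_function_url:
        triggers.append("function URL")
    return triggers


def assess(name: str, policy_json: Optional[str], event_source_mappings: List[Dict],
           has_function_url: bool) -> Dict:
    triggers = find_triggers(policy_json, event_source_mappings, has_function_url)
    return {"function": name, "public": public_statements(policy_json),
            "triggers": triggers, "orphaned": not triggers}


# Constructed sample policy, in the form lambda.get_policy() returns in its "Policy" field.
ARN = "arn:aws:lambda:us-east-1:123456789012:function:orders-api"
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "S3Trigger", "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
     "Action": "lambda:InvokeFunction", "Resource": ARN,
     "Condition": {"ArnLike": {"AWS:SourceArn": "arn:aws:s3:::orders-bucket"}}},
    {"Sid": "AllowAnyone", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunction", "Resource": ARN},
    {"Sid": "PublicUrl", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunctionUrl", "Resource": ARN,
     "Condition": {"StringEquals": {"lambda:FunctionUrlAuthType": "NONE"}}},
]})


def assess_account(region: str = "us-east-1") -> List[Dict]:
    """Run both checks against a live account (needs boto3 and read-only Lambda access)."""
    import boto3  # imported here so the offline part of this file runs without it
    client = boto3.client("lambda", region_name=region)
    results = []
    for page in client.get_paginator("list_functions").paginate():
        for fn in page["Functions"]:
            name = fn["FunctionName"]
            try:
                policy = client.get_policy(FunctionName=name)["Policy"]
            except client.exceptions.ResourceNotFoundException:
                policy = None  # function has no resource-based policy at all
            mappings = client.list_event_source_mappings(FunctionName=name)["EventSourceMappings"]
            try:
                client.get_function_url_config(FunctionName=name)
                has_url = True
            except client.exceptions.ResourceNotFoundException:
                has_url = False
            results.append(assess(name, policy, mappings, has_url))
    return results
```

For the sample policy, `S3Trigger` is a legitimate trigger (a service principal pinned to one bucket by SourceArn) and is not public, while `AllowAnyone` and `PublicUrl` are both reported as public: the second one carries a condition, but that condition only says the URL accepts unauthenticated requests. A function with no policy, no event source mapping and no function URL comes back as orphaned.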

Remediation Process

To expedite remediation, the system provides granular details about each violation. You can either override the discovered violation or click the Resource Details button to learn more about the Lambda resource in question. From there you can inspect the resource in the AWS console or create a Jira ticket for your CloudOps/DevOps team.

Conclusion

AWS Lambda is a low-cost, scalable serverless platform for event-driven computation. When creating and configuring Lambda functions, it is essential to follow security best practices: encrypt sensitive environment variables, grant the narrowest invoke permissions possible, and remove functions nothing invokes. This solution continuously monitors your Lambda resources for compliance with those practices, alerting you to misconfigurations before they can be exploited.