We’re glad to inform you that we’ve added three new rules to our powerful nOps rules engine. These three new rules will assist you in optimizing your AWS Lambda resources through continuous monitoring of your Lambda functions and environment variables. The nOps security dashboard will notify you if misconfigurations or violations of best practices are found. 

Let’s take a look at these three new rules:

Lambda environment variables without encryption enabled

AWS recommends that you use environment variables to pass parameters to your Lambda function. These variables therefore often hold sensitive information and should be encrypted. By default, AWS encrypts your Lambda functions at rest using server-side KMS (Key Management Service) encryption. You can also encrypt your functions in transit with a client-side CMK (Customer Master Key) of your choice for further protection.

With this new rule, nOps examines your cloud environment for unencrypted Lambda environment variables and brings them to your attention. 

Public Lambda function without exception

You must not expose your AWS Lambda functions to unauthorized access while creating and configuring them. To achieve this, AWS recommends that you use the strictest access policies possible. This prevents malicious actors from invoking your Lambda without proper credentials.

This new rule checks if the Lambda access policy allows public invocation and alerts you if it does. 
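To illustrate what such a check evaluates, here is an added example (written for this post, not nOps' own implementation) that inspects a Lambda resource-based policy offline and flags statements granting an invoke action to an anonymous principal with no condition that narrows the caller. The sample policies, account id and function name are constructed, and the Function URL statement is modelled on the shape Lambda writes for AuthType NONE.

```python
import json

# Actions that let a caller run the function (IAM matches actions case-insensitively).
INVOKE_ACTIONS = {"lambda:invokefunction", "lambda:invokefunctionurl", "lambda:*", "*"}
# Condition keys that pin an otherwise anonymous principal to a specific caller.
RESTRICTING_KEYS = {"aws:sourcearn", "aws:sourceaccount", "aws:principalorgid"}


def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_is_anonymous(principal):
    # Principal may be the bare string "*" or {"AWS": "*"} / {"AWS": ["*", ...]}.
    return principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))

def _statement_is_public(stmt):
    actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
    if stmt.get("Effect") != "Allow" or not actions & INVOKE_ACTIONS:
        return False
    if not _principal_is_anonymous(stmt.get("Principal")):
        return False
    # A restricting key under any operator scopes the caller; lambda:FunctionUrlAuthType does not.
    for operator_block in (stmt.get("Condition") or {}).values():
        if any(key.lower() in RESTRICTING_KEYS for key in operator_block):
            return False
    return True

def public_statements(policy_json):
    """Sids (or indexes) of statements allowing public invocation; input is the
    JSON string from the 'Policy' field of a lambda:GetPolicy response."""
    policy = json.loads(policy_json)
    return [stmt.get("Sid", f"statement-{i}")
            for i, stmt in enumerate(_as_list(policy.get("Statement", [])))
            if _statement_is_public(stmt)]


# Constructed sample policies; the account id and function name are placeholders.
FN = "arn:aws:lambda:us-east-1:111122223333:function:example-fn"
PUBLIC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    # Statement shape Lambda adds for a Function URL created with AuthType NONE.
    {"Sid": "FunctionURLAllowPublicAccess", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunctionUrl", "Resource": FN,
     "Condition": {"StringEquals": {"lambda:FunctionUrlAuthType": "NONE"}}}]})
SCOPED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "S3Trigger", "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
     "Action": "lambda:InvokeFunction", "Resource": FN,
     "Condition": {"ArnLike": {"AWS:SourceArn": "arn:aws:s3:::example-bucket"}}},
    {"Sid": "OrgOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "lambda:InvokeFunction", "Resource": FN,
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}}]})
```

Calling `public_statements(PUBLIC_POLICY)` returns the Function URL statement, while `SCOPED_POLICY` yields nothing because its principals are either a service or restricted by an organization condition.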

Lambda function without trigger

Lambda functions are initiated with triggers – specific events that kickstart Lambda functions when they happen. Lambda functions without triggers lead to operational complexity and unmanaged resources.

With this new rule, the nOps engine looks for Lambda functions that don't have defined triggers and informs you of these orphaned Lambda functions.

Remediation Process

To expedite the remediation process, nOps provides you with granular details about each violation. 

You may either override the discovered violation or click the Resource Details button to learn more about the Lambda resource at fault. 

You may then check the resource on the AWS console or add a Jira ticket for your CloudOps/DevOps team. 

Conclusion

AWS Lambda is a low-cost, high-performance serverless platform for event-driven computations. When creating and configuring Lambda functions, it’s essential to follow best practices to guarantee optimal performance.

nOps continuously monitors your Lambda resources for compliance with security best practices, alerting you to any misconfigurations before they are exploited.