
Secure AWS Lambda resources from unauthorized cross-account access


AWS Lambda is a serverless computing service that contributes significantly to the performance of your cloud infrastructure. Pay close attention to the account access settings of your AWS Lambda resources to ensure that your cloud resources are not manipulated or misused.

Protect your AWS Lambda resources from cross-account access

Lambda allows function invocation from both known and unknown sources. Allowing function invocation from unknown sources is not recommended. When an unauthorized source can invoke a function, the result is cross-account access. Avoid this situation so that Lambda resources can be used securely, without the risk of a security breach.

You can also trace your Lambda functions using AWS X-Ray.

Centilytics has a dedicated insight into Lambda cross-account access. This check gives warnings to the user whenever there is an unknown function invocation in their Lambda function requests.
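As an added illustration (not Centilytics' implementation and not code from the original page), the following Python sketch shows one way to check a Lambda resource-based policy for callers outside a list of trusted accounts, reporting the same Critical/OK severities. The function names, the sample policy and the account IDs are constructed for the example, and organization-wide conditions such as aws:PrincipalOrgID are not modelled, so a statement restricted only that way is reported as Critical.

```python
import json

POSITIVE_OPS = {"StringEquals", "ArnEquals", "ArnLike"}  # operators that restrict, not exclude
ACCOUNT_KEYS = ("aws:sourceaccount", "aws:principalaccount", "aws:sourcearn")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(value):
    """12-digit account ID from a bare ID or an ARN, else None."""
    parts = value.split(":")
    candidate = parts[4] if value.startswith("arn:") and len(parts) > 4 else value
    return candidate if len(candidate) == 12 and candidate.isdigit() else None

def _pinned_accounts(condition):
    """Accounts a statement is limited to by source/principal account conditions."""
    pinned = set()
    for op in POSITIVE_OPS & condition.keys():
        for key, values in condition[op].items():
            if key.lower() in ACCOUNT_KEYS:
                pinned.update(_account_of(v) for v in _as_list(values))
    return pinned - {None}

def audit(policy_json, trusted_accounts):
    """Yield (Sid, severity, unknown callers) for each Allow statement."""
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = [] if isinstance(principal, str) else _as_list(principal.get("AWS", []))
        callers = {_account_of(p) or p for p in aws}
        if principal == "*" or "*" in aws or not aws:
            # Wildcard or service principal: only a condition narrows who can invoke.
            callers.discard("*")
            callers |= _pinned_accounts(stmt.get("Condition", {})) or {"*"}
        unknown = sorted(callers - set(trusted_accounts))
        yield (stmt.get("Sid", "<no Sid>"), "Critical" if unknown else "OK", unknown)

# Constructed sample: a Policy document as returned by `aws lambda get-policy`, trimmed.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "own", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"}},
    {"Sid": "other", "Effect": "Allow", "Principal": {"AWS": "444455556666"}},
    {"Sid": "s3", "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
     "Condition": {"StringEquals": {"AWS:SourceAccount": "111122223333"}}},
    {"Sid": "public", "Effect": "Allow", "Principal": "*"},
]})

if __name__ == "__main__":
    for row in audit(SAMPLE_POLICY, {"111122223333"}):
        print(row)
```

A statement reported as Critical can be tightened by naming the specific principal or by adding a source-account condition, then re-running the check.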

Insight Descriptions:

There can be two possible scenarios:

| Severity | Description |
|---|---|
| Critical | This indication is displayed when your account is not secure and allows unauthorized access. |
| OK | This indication will be displayed when your account is secure and allows authorized access. |

 

The further columns are described as follows:

  1. Account Id: This column shows the respective account ID of the user’s account.
  2. Account Name: This column shows the account name corresponding to the user’s account.
  3. Region: This column shows the region in which the corresponding resource exists.
  4. Function Name: This column shows the name of your Lambda function.
  5. Identifier: This column shows the ARN (Amazon Resource Name) of your Lambda function, which uniquely identifies each resource.

Filters Applicable:

| Filter Name | Description |
|---|---|
| Account Id | Applying the account Id filter will display data for the selected account Id. |
| Region | Applying the region filter will display data corresponding to the selected region. |
| Severity | Applying the severity filter will display public snapshots according to the selected severity type. This means that selecting Critical will display all resources with critical severity. The same is the case for the Warning and Ok severity types. |
| Resource Tags | Applying the resource tags filter will display those resources which have been assigned the selected resource tag. For example, a user has tagged some public snapshots with a resource tag named environment. Selecting environment from the resource tags filter will then display all resources tagged with the tag name environment. |
| Resource Tags Value | Applying the resource tags value filter will display data which has the selected resource tag value. For example, say a user has tagged some resources with a tag named environment that has the value production (environment: production). The user can then view data for all the resources which have the “environment:production” tag assigned. The user can use the tag value filter only when a tag name has been provided. |

 
