Cloud security can be configured according to the exact business requirements of the organization. Resources deployed in the cloud need to be kept safe from any kind of potential security attack. AWS Lambda is a serverless cloud computing service, and it requires certain security practices related to IAM roles to be followed.
Assign an IAM role without any admin permissions to your AWS Lambda functions
AWS Lambda supports multiple programming languages through runtimes. Users choose the runtime when they create a function.
You should assign your Lambda functions an IAM role that does not grant them administrative permissions. An IAM role allows assigning only specific permissions to users, which further ensures secure use of and access to your resources and services in AWS. IAM roles also allow the admin to control the different sets of permissions that are assigned to different users in the cloud infrastructure.
Centilytics ensures that you have created IAM roles for your Lambda functions
Centilytics provides insight into the IAM role assigned to Lambda functions and warns you if administrative permissions for those functions are detected in your cloud infrastructure.
There can be two possible scenarios:
| CRITICAL | This indication will be displayed when Lambda functions with administrative permissions are detected. |
| OK | This indication will be displayed when the Lambda functions do not have administrative permissions. |
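The same CRITICAL/OK decision can be reproduced offline, as an added example that is not Centilytics' own code. It assumes "administrative permissions" means an Allow statement with Action "*" on Resource "*" (the shape of the AWS managed AdministratorAccess policy); the function names, role names, account ID and policy documents are constructed sample data.

```python
import json

def as_list(value):
    """IAM accepts a single string or object wherever a list is allowed."""
    return value if isinstance(value, list) else [value]

def grants_admin(policy_document):
    """True if any Allow statement covers every action on every resource."""
    if isinstance(policy_document, str):
        policy_document = json.loads(policy_document)
    for stmt in as_list(policy_document.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # Assumption: only Action "*" with Resource "*" counts as admin;
        # NotAction/NotResource statements are not evaluated here.
        if "*" in as_list(stmt.get("Action")) and "*" in as_list(stmt.get("Resource")):
            return True
    return False

def audit(functions, role_policies):
    """One row per function, using the column names from the page."""
    rows = []
    for fn in functions:
        arn = fn["FunctionArn"].split(":")  # arn:aws:lambda:<region>:<account>:function:<name>
        role_name = fn["Role"].rsplit("/", 1)[-1]  # drops any role path
        admin = any(grants_admin(d) for d in role_policies.get(role_name, []))
        rows.append({
            "Severity": "CRITICAL" if admin else "OK",
            "Account Id": arn[4], "Region": arn[3],
            "Function Name": fn["FunctionName"], "Role Name": role_name,
            "Identifier": fn["FunctionArn"],
        })
    return rows

# Constructed sample data (not from a real account).
ADMIN = {"Version": "2012-10-17",
         "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
S3_READ = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["s3:GetObject"],
    "Resource": "arn:aws:s3:::example-bucket/*"}})
SAMPLE_ROLE_POLICIES = {"lambda-admin-role": [S3_READ, ADMIN], "lambda-s3-read-role": [S3_READ]}
SAMPLE_FUNCTIONS = [
    {"FunctionName": "report-builder", "Role": "arn:aws:iam::111122223333:role/lambda-admin-role",
     "FunctionArn": "arn:aws:lambda:us-east-1:111122223333:function:report-builder"},
    {"FunctionName": "thumbnailer", "Role": "arn:aws:iam::111122223333:role/service-role/lambda-s3-read-role",
     "FunctionArn": "arn:aws:lambda:eu-west-1:111122223333:function:thumbnailer"},
]
```

Calling `audit(SAMPLE_FUNCTIONS, SAMPLE_ROLE_POLICIES)` returns a CRITICAL row for `report-builder` and an OK row for `thumbnailer`. Account Name is omitted because it cannot be derived from the ARN.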
Descriptions of the further columns are as follows:
- Account Id: This column shows the respective account ID of the user’s account.
- Account Name: This column shows the corresponding account name to the user’s account.
- Region: This column shows the region in which the corresponding resource exists.
- Function Name: This column shows the name of your Lambda function.
- Role Name: This column shows the name of your IAM role.
- Identifier: This column shows the ARN (Amazon Resource Name) of your Lambda function, which uniquely identifies the resource.
| Account Id | Applying the account Id filter will display data for the selected account Id. |
| Region | Applying the region filter will display data corresponding to the selected region. |
| Severity | Applying the severity filter will display resources according to the selected severity type, i.e. selecting critical will display all resources with critical severity. The same will be the case for the Warning and Ok severity types. |
| Resource Tags | Applying the resource tags filter will display those resources which have been assigned the selected resource tag. For example, a user has tagged some resources with a resource tag named environment. Selecting environment from the resource tags filter will then display all the resources tagged with the tag name environment. |
| Resource Tags Value | Applying the resource tags value filter will display data which has the selected resource tag value. For example, say a user has tagged some resource with a tag named environment and a value of production (environment: production). The user can then view data for all the resources which have the “environment:production” tag assigned. The user can use the tag value filter only when a tag name has been provided. |