Critical

Lambda with Admin access (*:*)

Security & Compliance
Description

Lambda with Admin access refers to a Lambda function whose permissions are excessive (all actions on all resources, *:*), allowing it to perform actions beyond the scope of its intended functionality. This is a security risk because it may allow an attacker to gain unauthorized access to sensitive resources or perform malicious actions within the organization's cloud environment.

Remediation

To remediate Lambda functions with Admin access, the following steps can be taken:

  1. Review IAM permissions: Review the IAM roles and permissions associated with the Lambda function to ensure that it only has the necessary permissions to perform its intended functionality. Remove any unnecessary permissions.
  2. Use least privilege principle: Apply the principle of least privilege, which means granting only the minimum permissions necessary to perform a task. This can help limit the potential impact of a security breach.
  3. Implement access controls: Use AWS Identity and Access Management (IAM) policies to restrict access to the Lambda function to only authorized users or roles. Ensure that access controls are applied consistently across all Lambda functions.
  4. Monitor function activity: Set up CloudWatch logs and metrics to monitor the activity of the Lambda function. This can help identify any unusual or suspicious behavior that may indicate a security breach.
  5. Implement automated security checks: Use AWS Config rules to enforce compliance with security best practices and detect any non-compliant resources, such as Lambda functions with excessive permissions.
  6. Perform regular security audits: Conduct regular security audits of your AWS environment to identify any security risks and take appropriate remediation steps.
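
A minimal offline check for steps 1 and 5, added here as an illustration and not Lightlytics or AWS code: it scans the IAM policy documents of Lambda execution roles for an Allow statement with Action * on Resource *. The role names, bucket names and policy documents are constructed samples; in practice the documents would come from each role's attached and inline policies.

```python
import json

def _as_list(value):
    # IAM accepts either a single value or a list for Statement, Action and Resource.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def admin_statements(policy_document):
    """Return the Allow statements granting every action on every resource."""
    if isinstance(policy_document, str):
        policy_document = json.loads(policy_document)
    hits = []
    for stmt in _as_list(policy_document.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny on *:* restricts, it does not grant
        # Condition blocks are not evaluated: a conditioned *:* is still reported for review.
        if "*" in _as_list(stmt.get("Action")) and "*" in _as_list(stmt.get("Resource")):
            hits.append(stmt)
    return hits

def roles_with_admin(role_policies):
    """role_policies maps role name -> list of policy documents; returns roles to fix."""
    return sorted(role for role, docs in role_policies.items()
                  if any(admin_statements(doc) for doc in docs))

# Constructed sample input: hypothetical execution roles and their policies.
SAMPLE_ROLES = {
    "orders-fn-role": [  # a single Allow of every action on every resource
        {"Version": "2012-10-17",
         "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}],
    "thumbnail-fn-role": [  # least privilege: read one bucket, write own logs
        {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject"],
             "Resource": "arn:aws:s3:::example-uploads/*"},
            {"Effect": "Allow",
             "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
             "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/thumbnail:*"}]}],
    "report-fn-role": [  # single-object Statement, wildcard inside a list, JSON string
        '{"Version": "2012-10-17", "Statement": {"Effect": "Allow", '
        '"Action": ["s3:ListBucket", "*"], "Resource": ["*"]}}'],
    "audit-fn-role": [  # Deny *:* plus a resource-scoped Allow must not be flagged
        {"Version": "2012-10-17", "Statement": [
            {"Effect": "Deny", "Action": "*", "Resource": "*"},
            {"Effect": "Allow", "Action": "*", "Resource": "arn:aws:s3:::example-audit/*"}]}],
}

if __name__ == "__main__":
    for name in roles_with_admin(SAMPLE_ROLES):
        print("admin access (*:*):", name)
```

The thumbnail-fn-role policy shows the shape a flagged role should be reduced to: named actions on named resources only.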

Enforced Resources

Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.