Links

AWS Lambda

The best practices and references below are based on published guidance from the cloud service provider and may reference native capabilities that the provider offers. If you are not using the native security capabilities, the same security requirement can be met using other security capabilities your organization utilizes.

Application Lifecycle Management

Design Guidance:

AWS::Lambda::Alias

Function Name
Terraform
Function Version
Terraform
Name
Terraform

AWS::Lambda::EventInvokeConfig

Function Name
Terraform
Qualifier
Terraform

AWS::Lambda::EventSourceMapping

Event Source Arn
Terraform
Function Name
Terraform

AWS::Lambda::Function

Description
Terraform
Function Name
Terraform
Handler
Terraform

AWS::Lambda::LayerVersion

Description
Terraform
Layer Name
Terraform
Content-S3bucket
Terraform

AWS::Lambda::Version

Description
Function Name

Session Limits

Design Guidance:

AWS::Lambda::Alias

Provisioned Concurrency Config-Provisioned Concurrent Executions
Terraform

AWS::Lambda::Function

Reserved Concurrent Executions
Terraform

AWS::Lambda::Version

Provisioned Concurrency Config-Provisioned Concurrent Executions

Information Flow Routing

AWS::Lambda::EventInvokeConfig

On Success-Destination
Terraform

Fault-Tolerance

AWS::Lambda::EventInvokeConfig

On Failure-Destination
Terraform

AWS::Lambda::EventSourceMapping

On Failure-Destination
Terraform

Input Validation

Design Guidance:

AWS::Lambda::EventInvokeConfig

Maximum Event Age In Seconds
Terraform

Application Code Analysis

Design Guidance:

AWS::Lambda::Function

Code-Image Uri
Terraform
Code-S3bucket
Terraform
Code-S3object Version
Terraform
Code-Zip File
Terraform
Runtime
Terraform

AWS::Lambda::LayerVersion

Content-S3key
Terraform

Identification and Authentication

Design Guidance:

AWS::Lambda::Function

Code-S3key
Terraform

Application Layer Encryption

Design Guidance:

AWS::Lambda::Function

Kms Key Arn
Terraform

Shared System Resource Management

Design Guidance:

AWS::Lambda::Function

Memory Size
Terraform

Utilize Role-based Access Control

Design Guidance:

AWS::Lambda::Function

Role
Terraform

Asset Inventory

Design Guidance:

AWS::Lambda::Function

Tags
Terraform

Network Isolation and Segregation

AWS::Lambda::Function

VPC Config
Terraform

Firewalls

AWS::Lambda::Function

VPC Config-Security Group Ids
Terraform

Subnet Isolation

Design Guidance:

AWS::Lambda::Function

VPC Config-Subnet Ids
Terraform

Access Control Policy

AWS::Lambda::LayerVersionPermission

Action
Terraform
Layer Version Arn
Terraform
Principal
Terraform

AWS::Lambda::Permission

Principal
Terraform

Code Integrity

Design Guidance:

AWS::Lambda::Version

Code Sha256

Last modified 1yr ago