10 steps to Lambda security
AWS Lambda, launched in 2015, is a service which allows customers to create event driven serverless functions of short duration.
Since then Lambda has become amazingly popular, Lambda functions are widely used for many different purposes ranging from low latency web applications and IoT, to AWS account operational and maintenance tasks.
Just like any other application in the cloud, a vulnerable or poorly configured Lambda function can lead to data loss, privilege escalation and even AWS account takeover, see for example this blog post.
I’ve created “10 steps to Lambda security” based on my experience of working with customers using AWS Lambda:
© 2018 Paul Schwarzenberger www.celidor.co.uk May be used with acknowledgement
12/5/2022 11:20:12 am
Hi, on step 6. Do you have any advice on how we might prevent outbound internet access from the lambda?
12/5/2022 08:38:55 pm
Thanks Paul, I'll have a look at that.
Your comment will be posted after it is approved.
Leave a Reply.
Paul Schwarzenberger is a Cloud Security Architect and DevSecOps specialist