AWS Lambda, launched in 2015, is a service which allows customers to create event driven serverless functions of short duration. Since then Lambda has become amazingly popular, Lambda functions are widely used for many different purposes ranging from low latency web applications and IoT, to AWS account operational and maintenance tasks. Just like any other application in the cloud, a vulnerable or poorly configured Lambda function can lead to data loss, privilege escalation and even AWS account takeover, see for example this blog post. I’ve created “10 steps to Lambda security” based on my experience of working with customers using AWS Lambda:
3 Comments
Neil
12/5/2022 11:20:12 am
Hi, on step 6. Do you have any advice on how we might prevent outbound internet access from the lambda?
Reply
Neil
12/5/2022 08:38:55 pm
Thanks Paul, I'll have a look at that.
Reply
Your comment will be posted after it is approved.
Leave a Reply. |
AuthorPaul Schwarzenberger is a Cloud Security Architect and DevSecOps specialist Archives
September 2024
Categories |