Lambda Permission Principal Is Wildcard
- Query id: 1d972c56-8ec2-48c1-a578-887adb09c57a
- Query name: Lambda Permission Principal Is Wildcard
- Platform: Ansible
- Severity: Medium
- Category: Access Control
- URL: Github
Description
Lambda Permission Principal should not contain a wildcard. A principal of `*` grants the stated action to any AWS principal, including other accounts, so the permission should name the specific service or account that needs access.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
- name: Lambda S3 event notification
  community.aws.lambda_policy:
    state: present
    function_name: functionName
    alias: Dev
    statement_id: lambda-s3-myBucket-create-data-log
    action: lambda:AddPermission
    principal: "*"
    source_arn: arn:aws:s3:eu-central-1:123456789012:bucketName
    source_account: 123456789012
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
- name: Lambda S3 event notification negative
  community.aws.lambda_policy:
    state: present
    function_name: functionName
    alias: Dev
    statement_id: lambda-s3-myBucket-create-data-log
    action: lambda:AddPermission
    principal: s3.amazonaws.com
    source_arn: arn:aws:s3:eu-central-1:123456789012:bucketName
    source_account: 123456789012
```
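The check this query performs, written here as an added Python example (not KICS's own query code): it walks Ansible tasks already parsed into Python structures (what `yaml.safe_load` returns for a tasks file) and flags any `lambda_policy` task whose `principal` is a wildcard. The legacy short module name `lambda_policy`, descent into `block`/`rescue`/`always`, and the inline sample tasks are assumptions added for the example.

```python
"""Flag community.aws.lambda_policy tasks whose principal is a wildcard.

Added example, not KICS code. Input is the Python structure produced by
parsing an Ansible tasks file (e.g. with yaml.safe_load); no YAML library
is imported so the example runs stand-alone.
"""
from typing import Any, Iterator

# The fully qualified name from the page plus the legacy short name (assumption).
LAMBDA_POLICY_MODULES = ("community.aws.lambda_policy", "lambda_policy")


def iter_tasks(tasks: list[dict[str, Any]]) -> Iterator[dict[str, Any]]:
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks:
        for section in ("block", "rescue", "always"):
            if isinstance(task.get(section), list):
                yield from iter_tasks(task[section])
        yield task


def is_wildcard_principal(principal: Any) -> bool:
    """True when the principal is '*' or contains a wildcard; non-strings are not flagged."""
    return isinstance(principal, str) and "*" in principal


def find_wildcard_principals(tasks: list[dict[str, Any]]) -> list[str]:
    """Return the names of lambda_policy tasks whose principal is a wildcard."""
    findings = []
    for task in iter_tasks(tasks):
        for module in LAMBDA_POLICY_MODULES:
            params = task.get(module)
            if isinstance(params, dict) and is_wildcard_principal(params.get("principal")):
                findings.append(task.get("name", "<unnamed task>"))
    return findings


# Constructed sample tasks mirroring the page's positive and negative tests.
SAMPLE_TASKS = [
    {"name": "Lambda S3 event notification",
     "community.aws.lambda_policy": {"state": "present", "function_name": "functionName",
                                     "action": "lambda:AddPermission", "principal": "*",
                                     "source_arn": "arn:aws:s3:eu-central-1:123456789012:bucketName"}},
    {"name": "Lambda S3 event notification negative",
     "community.aws.lambda_policy": {"state": "present", "function_name": "functionName",
                                     "principal": "s3.amazonaws.com",
                                     "source_account": "123456789012"}},
]

if __name__ == "__main__":
    for name in find_wildcard_principals(SAMPLE_TASKS):
        print(f"wildcard principal in task: {name}")
```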