Lambda Permission Misconfigured

  • Query id: 3ddf3417-424d-420d-8275-0724dc426520
  • Query name: Lambda Permission Misconfigured
  • Platform: Ansible
  • Severity: Low
  • Category: Best Practices
  • URL: Github

Description

Lambda permission may be misconfigured if the action field is not filled in by 'lambda:InvokeFunction'
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: Lambda S3 notification positive
  community.aws.lambda_policy:
    state: present
    function_name: functionName
    alias: Dev
    statement_id: lambda-s3-myBucket-create-data-log
    action: lambda:CreateFunction
    principal: s3.amazonaws.com
    source_arn: arn:aws:s3:eu-central-1:123456789012:bucketName
    source_account: 123456789012

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Lambda S3 notification negative
  community.aws.lambda_policy:
    state: present
    function_name: functionName
    alias: Dev
    statement_id: lambda-s3-myBucket-create-data-log
    action: lambda:InvokeFunction
    principal: s3.amazonaws.com
    source_arn: arn:aws:s3:eu-central-1:123456789012:bucketName
    source_account: 123456789012