Lambda Permission Misconfigured
- Query id: 3ddf3417-424d-420d-8275-0724dc426520
- Query name: Lambda Permission Misconfigured
- Platform: Ansible
- Severity: Low
- Category: Best Practices
- URL: Github
Description
A Lambda permission may be misconfigured if the `action` field is set to anything other than 'lambda:InvokeFunction'.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
- name: Lambda S3 notification positive
  community.aws.lambda_policy:
    state: present
    function_name: functionName
    alias: Dev
    statement_id: lambda-s3-myBucket-create-data-log
    action: lambda:CreateFunction
    principal: s3.amazonaws.com
    source_arn: arn:aws:s3:eu-central-1:123456789012:bucketName
    source_account: 123456789012
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
- name: Lambda S3 notification negative
  community.aws.lambda_policy:
    state: present
    function_name: functionName
    alias: Dev
    statement_id: lambda-s3-myBucket-create-data-log
    action: lambda:InvokeFunction
    principal: s3.amazonaws.com
    source_arn: arn:aws:s3:eu-central-1:123456789012:bucketName
    source_account: 123456789012
```
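
The check this query describes, as an added Python example (not the query's own code): it walks a task list as a YAML loader would return it and reports `lambda_policy` tasks whose `action` is not `lambda:InvokeFunction`. The function name `find_misconfigured`, the descent into `block`/`rescue`/`always`, the skip for `state: absent`, and the sample tasks are assumptions of this example.

```python
EXPECTED = "lambda:InvokeFunction"
# Fully qualified and short module names (assumption: both forms should be checked).
MODULES = {"community.aws.lambda_policy", "lambda_policy"}
NESTED = ("block", "rescue", "always")  # Ansible keys that hold nested task lists


def find_misconfigured(tasks, path="tasks"):
    """Return (location, task name, action) for each flagged lambda_policy task."""
    findings = []
    for i, task in enumerate(tasks or []):
        if not isinstance(task, dict):
            continue
        here = f"{path}[{i}]"
        for key in NESTED:
            if isinstance(task.get(key), list):
                findings += find_misconfigured(task[key], f"{here}.{key}")
        for module in MODULES & task.keys():
            args = task[module] if isinstance(task[module], dict) else {}
            # Assumption of this example: removing a statement grants nothing.
            if args.get("state", "present") == "absent":
                continue
            action = args.get("action")
            if action != EXPECTED:  # also catches a missing or templated action
                findings.append((here, task.get("name", "<unnamed>"), action))
    return findings


# Constructed sample: the page's two tasks plus a block with two more cases.
SAMPLE_TASKS = [
    {"name": "Lambda S3 notification positive",
     "community.aws.lambda_policy": {
         "state": "present", "function_name": "functionName",
         "action": "lambda:CreateFunction", "principal": "s3.amazonaws.com"}},
    {"name": "Lambda S3 notification negative",
     "community.aws.lambda_policy": {
         "state": "present", "function_name": "functionName",
         "action": "lambda:InvokeFunction", "principal": "s3.amazonaws.com"}},
    {"name": "Grouped tasks", "block": [
        {"name": "Wildcard grant",
         "lambda_policy": {"function_name": "functionName",
                           "action": "lambda:*", "principal": "s3.amazonaws.com"}},
        {"name": "Remove old statement",
         "lambda_policy": {"state": "absent", "function_name": "functionName",
                           "action": "lambda:CreateFunction",
                           "principal": "s3.amazonaws.com"}}]},
]

if __name__ == "__main__":
    for location, name, action in find_misconfigured(SAMPLE_TASKS):
        print(f"{location}: {name!r} uses action {action!r}, expected {EXPECTED!r}")
```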