Public Lambda via API Gateway
- Query id: 5e92d816-2177-4083-85b4-f61b4f7176d9
- Query name: Public Lambda via API Gateway
- Platform: Ansible
- Severity: Medium
- Category: Access Control
- URL: GitHub
Description
The Lambda function can be invoked through a public API Gateway.
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
- name: Lambda S3 event notification
  lambda_policy:
    state: "{{ state | default('present') }}"
    function_name: functionName
    alias: Dev
    statement_id: lambda-s3-myBucket-create-data-log
    action: lambda:InvokeFunction
    principal: apigateway.amazonaws.com
    source_arn: arn:aws:s3:eu-central-1:123456789012/*/*
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
- name: Lambda S3 event notification
  lambda_policy:
    state: "{{ state | default('present') }}"
    function_name: functionName
    alias: Dev
    statement_id: lambda-s3-myBucket-create-data-log
    action: lambda:InvokeFunction
    principal: s3.amazonaws.com
    source_arn: arn:aws:s3:eu-central-1:123456789012:bucketname
```
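The check below is an added example, not the query's own code: it walks already-parsed Ansible tasks and reports `lambda_policy` grants shaped like the positive sample above. It assumes that "public" means a `source_arn` ending in `/*/*`, as in that sample; the helper names and the `EXAMPLEAPI` API id in the scoped task are constructed.

```python
import re

# Short and fully qualified names of the Ansible module.
MODULES = ("lambda_policy", "community.aws.lambda_policy")
# Assumption: an unrestricted grant is recognised by a source_arn ending in /*/*,
# as in the positive sample; the page does not spell out the exact match rule.
OPEN_ARN = re.compile(r"/\*/\*$")


def iter_tasks(tasks):
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks or []:
        yield task
        for section in ("block", "rescue", "always"):
            yield from iter_tasks(task.get(section))


def public_lambda_findings(tasks):
    """Return names of tasks that let API Gateway invoke a function with no ARN scoping."""
    findings = []
    for task in iter_tasks(tasks):
        for module in MODULES:
            args = task.get(module)
            if not isinstance(args, dict):
                continue
            if str(args.get("state", "present")).strip() == "absent":
                continue  # the permission is being removed, not granted
            if (args.get("action") == "lambda:InvokeFunction"
                    and args.get("principal") == "apigateway.amazonaws.com"
                    and OPEN_ARN.search(str(args.get("source_arn", "")))):
                findings.append(task.get("name", "<unnamed>"))
    return findings


def sample(name, principal, source_arn):
    """Build one parsed task with the same fields as the page's samples (constructed input)."""
    return {"name": name, "lambda_policy": {
        "state": "{{ state | default('present') }}", "function_name": "functionName",
        "alias": "Dev", "statement_id": "lambda-s3-myBucket-create-data-log",
        "action": "lambda:InvokeFunction", "principal": principal, "source_arn": source_arn}}


# Constructed input: the two samples above, plus a grant scoped to one stage, method and path.
TASKS = [
    sample("positive", "apigateway.amazonaws.com", "arn:aws:s3:eu-central-1:123456789012/*/*"),
    sample("negative", "s3.amazonaws.com", "arn:aws:s3:eu-central-1:123456789012:bucketname"),
    {"block": [sample("scoped", "apigateway.amazonaws.com",
                      "arn:aws:execute-api:eu-central-1:123456789012:EXAMPLEAPI/prod/GET/items")]},
]
```

Only the task named `positive` is reported; the scoped grant inside the block passes because its `source_arn` pins the stage, method and resource path.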