Public Lambda via API Gateway

  • Query id: 5e92d816-2177-4083-85b4-f61b4f7176d9
  • Query name: Public Lambda via API Gateway
  • Platform: Ansible
  • Severity: Medium
  • Category: Access Control
  • URL: Github

Description

Allowing to run lambda function using public API Gateway
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: Lambda S3 event notification
  lambda_policy:
    state: "{{ state | default('present') }}"
    function_name: functionName
    alias: Dev
    statement_id: lambda-s3-myBucket-create-data-log
    action: lambda:InvokeFunction
    principal: apigateway.amazonaws.com
    source_arn: arn:aws:s3:eu-central-1:123456789012/*/*

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Lambda S3 event notification
  lambda_policy:
    state: "{{ state | default('present') }}"
    function_name: functionName
    alias: Dev
    statement_id: lambda-s3-myBucket-create-data-log
    action: lambda:InvokeFunction
    principal: s3.amazonaws.com
    source_arn: arn:aws:s3:eu-central-1:123456789012:bucketname