Lambda Permission Misconfigured

  • Query id: 75ec6890-83af-4bf1-9f16-e83726df0bd0
  • Query name: Lambda Permission Misconfigured
  • Platform: Terraform
  • Severity: Low
  • Category: Best Practices
  • URL: Github

Description

A Lambda permission may be misconfigured if its action field is set to anything other than 'lambda:InvokeFunction'

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_lambda_permission" "positive1" {
  action        = "lambda:DeleteFunction"
  function_name = aws_lambda_function.logging.function_name
  principal     = "logs.eu-west-1.amazonaws.com"
  source_arn    = "${aws_cloudwatch_log_group.default.arn}:*"
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_lambda_permission" "negative1" {
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.logging.function_name
  principal     = "logs.eu-west-1.amazonaws.com"
  source_arn    = "${aws_cloudwatch_log_group.default.arn}:*"
}
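As an added example (not part of the KICS query or its samples), a small Python scanner that applies this check to a .tf file: it walks each aws_lambda_permission block, reads its action attribute and reports every block whose action is missing or differs from lambda:InvokeFunction. The input is the two samples above, embedded as a constructed string; the line-based parser assumes the flat attribute layout that aws_lambda_permission uses.

```python
import re

# Constructed input: the query's positive and negative samples as one .tf file.
SAMPLE_TF = '''
resource "aws_lambda_permission" "positive1" {
  action        = "lambda:DeleteFunction"
  function_name = aws_lambda_function.logging.function_name
  principal     = "logs.eu-west-1.amazonaws.com"
  source_arn    = "${aws_cloudwatch_log_group.default.arn}:*"
}

resource "aws_lambda_permission" "negative1" {
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.logging.function_name
  principal     = "logs.eu-west-1.amazonaws.com"
  source_arn    = "${aws_cloudwatch_log_group.default.arn}:*"
}
'''

EXPECTED_ACTION = "lambda:InvokeFunction"
HEADER_RE = re.compile(r'^resource\s+"aws_lambda_permission"\s+"(?P<name>[^"]+)"\s*\{$')
ATTR_RE = re.compile(r'^(?P<key>\w+)\s*=\s*(?P<value>.+?)\s*$')


def parse_lambda_permissions(tf_source: str) -> dict[str, dict[str, str]]:
    """Map each aws_lambda_permission resource name to its attributes.
    Assumes flat 'key = value' lines and a block closed by a lone '}'."""
    blocks, name, attrs = {}, None, {}
    for line in tf_source.splitlines():
        stripped = line.strip()
        if name is None:
            m = HEADER_RE.match(stripped)
            if m:
                name, attrs = m.group("name"), {}
            continue
        if stripped == "}":  # end of the current block
            blocks[name], name = attrs, None
            continue
        m = ATTR_RE.match(stripped)
        if m:
            attrs[m.group("key")] = m.group("value").strip('"')
    return blocks


def find_misconfigured_permissions(tf_source: str) -> list[dict]:
    """One finding per block whose action is absent or not lambda:InvokeFunction."""
    findings = []
    for name, attrs in parse_lambda_permissions(tf_source).items():
        action = attrs.get("action")
        if action != EXPECTED_ACTION:
            findings.append({"resource": f"aws_lambda_permission.{name}",
                             "action": action, "expected": EXPECTED_ACTION})
    return findings


if __name__ == "__main__":
    for f in find_misconfigured_permissions(SAMPLE_TF):
        print(f"{f['resource']}: action={f['action']!r}, expected {f['expected']!r}")
```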