Lambda Permission Principal Is Wildcard
- Query id: e08ed7eb-f3ef-494d-9d22-2e3db756a347
- Query name: Lambda Permission Principal Is Wildcard
- Platform: Terraform
- Severity: Medium
- Category: Access Control
- URL: Github
Description
The `principal` of an `aws_lambda_permission` resource should not be a wildcard (`*`). A wildcard principal grants invoke permission to any AWS account or service, so the principal should name the specific service or account being allowed, as in the `events.amazonaws.com` sample below; a `source_arn` on the same block does not make a wildcard principal acceptable to this query.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
    resource "aws_lambda_permission" "positive1" {
      statement_id  = "AllowExecutionFromCloudWatch"
      action        = "lambda:InvokeFunction"
      function_name = aws_lambda_function.test_lambda.function_name
      principal     = "*"
      source_arn    = "arn:aws:events:eu-west-1:111122223333:rule/RunDaily"
      qualifier     = aws_lambda_alias.test_alias.name
    }
Code samples without security vulnerabilities
Negative test num. 1 - tf file
    resource "aws_lambda_permission" "negative1" {
      statement_id  = "AllowExecutionFromCloudWatch"
      action        = "lambda:InvokeFunction"
      function_name = aws_lambda_function.test_lambda.function_name
      principal     = "events.amazonaws.com"
      source_arn    = "arn:aws:events:eu-west-1:111122223333:rule/RunDaily"
      qualifier     = aws_lambda_alias.test_alias.name
    }
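The following is an added example, not part of this page or of KICS (whose queries are written in Rego): a small stand-alone scanner that reads `aws_lambda_permission` blocks out of Terraform text and reports the ones whose `principal` is `*`. The HCL reader is a deliberately simple brace matcher that handles only plain `key = value` attributes, and the sample input is constructed from the two blocks above.

```python
import re

# Constructed sample input, based on the two resource blocks on this page.
SAMPLE_TF = '''
resource "aws_lambda_permission" "positive1" {
  statement_id  = "AllowExecutionFromCloudWatch"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.test_lambda.function_name
  principal     = "*"
  source_arn    = "arn:aws:events:eu-west-1:111122223333:rule/RunDaily"
}
resource "aws_lambda_permission" "negative1" {
  statement_id  = "AllowExecutionFromCloudWatch"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.test_lambda.function_name
  principal     = "events.amazonaws.com"
  source_arn    = "arn:aws:events:eu-west-1:111122223333:rule/RunDaily"
}
'''

RESOURCE_RE = re.compile(r'resource\s+"aws_lambda_permission"\s+"([^"]+)"\s*\{')
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$', re.MULTILINE)

def _block_body(text, open_brace):
    """Return the text inside the brace at index open_brace, honoring nesting."""
    depth = 0
    for i in range(open_brace, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_brace + 1:i]
    raise ValueError("unbalanced braces in HCL input")

def lambda_permissions(text):
    """[(name, {attribute: raw_value}), ...] for each aws_lambda_permission
    block; only simple `key = value` lines are read (no nested blocks)."""
    found = []
    for m in RESOURCE_RE.finditer(text):
        body = _block_body(text, m.end() - 1)
        found.append((m.group(1), dict(ATTR_RE.findall(body))))
    return found

def wildcard_principals(text):
    """Names of blocks whose principal is "*". A source_arn on the block does
    not clear the finding, matching the positive sample on this page."""
    return [name for name, attrs in lambda_permissions(text)
            if attrs.get("principal", "").strip('"') == "*"]
```

Running `wildcard_principals(SAMPLE_TF)` returns `["positive1"]`, the same verdict the query gives on the two samples.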