Lambda Permission Misconfigured
- Query id: 9b83114b-b2a1-4534-990d-06da015e47aa
- Query name: Lambda Permission Misconfigured
- Platform: CloudFormation
- Severity: Low
- Category: Best Practices
- CWE: 710
- URL: Github
Description
A Lambda permission may be misconfigured if its Action field is not set to 'lambda:InvokeFunction'.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
Resources:
  s3Permission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !GetAtt function.Arn
      Action: lambda:GetFunction
      Principal: s3.amazonaws.com
      SourceAccount: !Ref 'AWS::AccountId'
      SourceArn: !GetAtt bucket.Arn
Positive test num. 2 - json file
{
  "Resources": {
    "s3Permission": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "SourceArn": "bucket.Arn",
        "FunctionName": "function.Arn",
        "Action": "lambda:GetFunction",
        "Principal": "s3.amazonaws.com",
        "SourceAccount": "AWS::AccountId"
      }
    }
  }
}
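The check described above can be run against a JSON template before deployment. The following is an added example, not the query's own code: the function name `find_misconfigured_permissions` and the `okPermission` and `bucket` resources are assumptions made for illustration. A missing or non-string Action (for example an intrinsic function) is also reported, since it cannot be confirmed to equal 'lambda:InvokeFunction'.

```python
import json

EXPECTED_ACTION = "lambda:InvokeFunction"  # value the rule on this page requires

# Constructed sample: the page's positive JSON test plus a corrected resource
# (okPermission) and an unrelated resource (bucket), both added for illustration.
SAMPLE_TEMPLATE = """
{
  "Resources": {
    "s3Permission": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "SourceArn": "bucket.Arn",
        "FunctionName": "function.Arn",
        "Action": "lambda:GetFunction",
        "Principal": "s3.amazonaws.com",
        "SourceAccount": "AWS::AccountId"
      }
    },
    "okPermission": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "FunctionName": "function.Arn",
        "Action": "lambda:InvokeFunction",
        "Principal": "s3.amazonaws.com"
      }
    },
    "bucket": {"Type": "AWS::S3::Bucket"}
  }
}
"""

def find_misconfigured_permissions(template):
    """Return (logical_id, action) for each AWS::Lambda::Permission whose
    Action is missing, not a plain string, or not EXPECTED_ACTION."""
    findings = []
    for logical_id, resource in (template.get("Resources") or {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != "AWS::Lambda::Permission":
            continue
        action = (resource.get("Properties") or {}).get("Action")
        if action != EXPECTED_ACTION:
            findings.append((logical_id, action))
    return findings

if __name__ == "__main__":
    for logical_id, action in find_misconfigured_permissions(json.loads(SAMPLE_TEMPLATE)):
        print(f"{logical_id}: Action is {action!r}, expected {EXPECTED_ACTION!r}")
```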