Serverless Function Without Unique IAM Role
- Query id: 165aae3b-a56a-48f3-b76d-d2b5083f5b8f
- Query name: Serverless Function Without Unique IAM Role
- Platform: ServerlessFW
- Severity: High
- Category: Insecure Configurations
- CWE: 732
- URL: GitHub
Description
Serverless functions should not share an IAM role. Giving each function its own role ensures it holds only the minimum privileges needed to perform its required tasks.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yml file
```yaml
service: service
frameworkVersion: '2'
provider:
  name: aws
  runtime: nodejs12.x

functions:
  hello:
    # No `role` key here, so the function falls back to the service-wide default IAM role
    handler: handler.hello
    onError: arn:aws:sns:us-east-1:XXXXXX:test
    tags:
      foo: bar
```
Positive test num. 2 - yml file
```yaml
service: service
frameworkVersion: '2'
provider:
  name: aws
  runtime: nodejs12.x

functions:
  # List form of `functions`; `hello` again has no `role` key of its own
  - hello:
      handler: handler.hello
      onError: arn:aws:sns:us-east-1:XXXXXX:test
      tags:
        foo: bar
```
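For contrast with the failing samples above, a configuration that gives `hello` a role of its own, scoped to what the sample function needs. This is an added example, not one of the KICS test files; the logical ID `HelloRole`, the policy name, and the default `dev` stage in the log-group ARN are assumptions.

```yaml
service: service
frameworkVersion: '2'
provider:
  name: aws
  runtime: nodejs12.x

functions:
  hello:
    handler: handler.hello
    onError: arn:aws:sns:us-east-1:XXXXXX:test
    role: HelloRole   # hypothetical logical ID, defined under resources below
    tags:
      foo: bar

resources:
  Resources:
    HelloRole:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service: lambda.amazonaws.com
              Action: sts:AssumeRole
        Policies:
          - PolicyName: hello-least-privilege   # hypothetical name
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                # Write logs only to this function's own log group
                # (assumes the default stage, so the function is service-dev-hello)
                - Effect: Allow
                  Action:
                    - logs:CreateLogStream
                    - logs:PutLogEvents
                  Resource: arn:aws:logs:us-east-1:XXXXXX:log-group:/aws/lambda/service-dev-hello:*
                # Lambda needs sns:Publish on the execution role to deliver
                # failed events to the onError (dead-letter) topic
                - Effect: Allow
                  Action: sns:Publish
                  Resource: arn:aws:sns:us-east-1:XXXXXX:test
```

A second function in the same service would get its own role resource in the same way rather than reusing `HelloRole`.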