Serverless Function Without Dead Letter Queue

Query id: dec7bc85-d156-4f64-9a33-96ed3d9f3fed
Query name: Serverless Function Without Dead Letter Queue
Platform: ServerlessFW
Severity: Low
Category: Insecure Configurations
CWE: 703
URL: Github

Description¶

Serverless Function should be configured for a Dead Letter Queue(DLQ). A Dead Letter Queue(DLQ) can be set up in 'onError' config parameter
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - yml file

service: service
frameworkVersion: '2' 
provider:
  name: aws
  runtime: nodejs12.x

functions:
  hello:
    handler: handler.hello

Code samples without security vulnerabilities¶

Negative test num. 1 - yml file

service: service
frameworkVersion: '2' 
provider:
  name: aws
  runtime: nodejs12.x

functions:
  hello:
    handler: handler.hello
    onError: arn:aws:sns:us-east-1:XXXXXX:test