AWS-Lambda-function-using-unique-role

Severity: High

Description: This control ensures that a role is not used by more than one Lambda function in a single region. Using the same IAM role with more than one Lambda function violates the Principle of Least Privilege (POLP). It is considered a best practice to grant each resource only the privileges it needs and to assign a unique IAM role to each function, even when the privileges granted are the same.
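As an added example (not part of this control text or of Blue Hexagon's tooling), the following Python script implements the check the description states: it groups the functions returned by lambda:ListFunctions for one region by execution role and flags any role used by more than one function. The function names, role ARNs and account ID are constructed sample values; the boto3 fetch is an optional helper that needs AWS credentials and is not exercised offline.

```python
"""Detect IAM roles shared by more than one Lambda function in one region."""
from collections import defaultdict

# Constructed sample in the shape returned by lambda:ListFunctions
# (only the fields this check needs). Names, ARNs and account ID are made up.
SAMPLE_FUNCTIONS = [
    {"FunctionName": "order-api", "Role": "arn:aws:iam::123456789012:role/order-api-role"},
    {"FunctionName": "order-worker", "Role": "arn:aws:iam::123456789012:role/shared-lambda-role"},
    {"FunctionName": "report-cron", "Role": "arn:aws:iam::123456789012:role/shared-lambda-role"},
    {"FunctionName": "image-resize", "Role": "arn:aws:iam::123456789012:role/image-resize-role"},
]


def functions_by_role(functions):
    """Group function names by the execution role ARN they use."""
    by_role = defaultdict(list)
    for fn in functions:
        by_role[fn["Role"]].append(fn["FunctionName"])
    return dict(by_role)


def shared_roles(functions):
    """Return {role_arn: [function names]} for roles used by more than one
    function in this region, i.e. the cases in which the control fails."""
    return {role: sorted(names)
            for role, names in functions_by_role(functions).items()
            if len(names) > 1}


def fetch_region_functions(region_name):
    """Page through lambda:ListFunctions for one region with boto3.
    Requires AWS credentials; imported lazily so the offline check runs without boto3."""
    import boto3
    client = boto3.client("lambda", region_name=region_name)
    functions = []
    for page in client.get_paginator("list_functions").paginate():
        functions.extend(page["Functions"])
    return functions


def report(functions, region_name):
    """Print one PASS line or one FAIL line per shared role; return the findings."""
    findings = shared_roles(functions)
    if not findings:
        print(f"{region_name}: PASS - every Lambda function uses a unique role")
    for role, names in findings.items():
        print(f"{region_name}: FAIL - role {role} is shared by {len(names)} functions: {', '.join(names)}")
    return findings


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; to audit a real region
    # replace SAMPLE_FUNCTIONS with fetch_region_functions("us-east-1").
    report(SAMPLE_FUNCTIONS, "sample-region")
```

Run it once per region, since the control is scoped to a single region and a role reused only across regions is not what this check reports.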

Remediation Steps:

Perform the following to update the Lambda function role:

  1. Login to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to the AWS Lambda console.

  3. In the navigation pane, select Functions.

  4. Click on the function to be modified.

  5. Select an unused existing role with appropriate permissions, or select Create a new role from AWS policy templates to let the AWS Management Console create a new role with the required permissions.

  6. Provide a Role name and Policy templates if you chose to create a new role in the previous step.

  7. Click Save changes to apply.

Important:

Proper policies should be attached to the new role to grant the permissions the function needs; otherwise the Lambda function may fail at execution time.

Reference:

Blue Hexagon Proprietary