AWS-Lambda-Lambda-Admin-Privileges

Severity: High

Description: This control ensures that the IAM role used by a Lambda function does not have administrative permissions or wildcard (`*`) resources in its policies. Following the principle of least privilege, Lambda functions should not have administrative permissions and should be granted only the permissions they require. Assigning wildcards to the resources in a Lambda function's permissions means a compromised function can reach every resource the role can act on, which may lead to a security breach.
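As an added illustration (not part of this control page or of a Blue Hexagon tool), the following Python checks a Lambda execution role's policy documents for the two conditions the control describes: an `Action` of `*` (administrative access) and a `Resource` of `*`, plus the AWS managed `AdministratorAccess` policy being attached to the role. It runs offline on constructed policy documents; the role name, account ID, region, bucket and log-group names are placeholders. In practice the inputs would come from the IAM API (`aws iam list-attached-role-policies` and `aws iam get-role-policy`), and a least-privilege replacement policy is shown beside the flagged one to illustrate the shape of the remediation.

```python
"""Offline check of a Lambda execution role's policies for admin or wildcard grants."""
import json

# AWS managed policy that grants full administrative access (real ARN).
ADMIN_MANAGED_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"


def _as_list(value):
    """IAM accepts a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_wildcard(value):
    """True only for a bare '*'; scoped ARNs such as '...:log-group:/x:*' are fine."""
    return isinstance(value, str) and value.strip() == "*"


def find_overly_permissive_statements(policy_document):
    """Return (sid, kind, detail) tuples for Allow statements that grant every
    action ('*') or apply to every resource ('*'). Deny statements are skipped
    because they can only narrow access."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy_document.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement-{idx}")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if any(_is_wildcard(a) for a in actions):
            findings.append((sid, "admin", "Action '*' grants every API call"))
        elif any(_is_wildcard(r) for r in resources):
            # Also catches NotAction statements, which usually pair with Resource '*'.
            findings.append((sid, "wildcard-resource", "Resource '*' applies to every resource"))
    return findings


def assess_lambda_role(role_name, attached_policy_arns, inline_policies):
    """Combine the managed-policy and inline-policy checks for one execution role.
    inline_policies maps policy name -> policy document (dict)."""
    findings = []
    for arn in attached_policy_arns:
        if arn == ADMIN_MANAGED_POLICY_ARN:
            findings.append((f"attached:{arn}", "admin", "AdministratorAccess managed policy attached"))
    for name, doc in inline_policies.items():
        for sid, kind, detail in find_overly_permissive_statements(doc):
            findings.append((f"inline:{name}/{sid}", kind, detail))
    return {"role": role_name, "compliant": not findings, "findings": findings}


# Constructed example of the kind of role policy this control flags.
OVERLY_PERMISSIVE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "FullAdmin", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "ReadAnyBucket", "Effect": "Allow",
         "Action": ["s3:GetObject"], "Resource": "*"},
    ],
}

# Constructed least-privilege replacement: one bucket prefix, one log group.
# Account ID, region, bucket and function names are placeholders.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadInputBucket", "Effect": "Allow",
         "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-input-bucket/*"},
        {"Sid": "WriteOwnLogs", "Effect": "Allow",
         "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/example-function:*"},
    ],
}

if __name__ == "__main__":
    before = assess_lambda_role("example-lambda-role", [ADMIN_MANAGED_POLICY_ARN],
                                {"inline-access": OVERLY_PERMISSIVE_POLICY})
    after = assess_lambda_role("example-lambda-role", [],
                               {"inline-access": LEAST_PRIVILEGE_POLICY})
    print(json.dumps({"before": before, "after": after}, indent=2))
```

Each finding names the statement so the offending policy can be located under the role's Permissions tab; a scoped ARN that merely ends in `:*` is not treated as a wildcard, since that is how a single log group's streams are addressed.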

Remediation Steps:

Perform the following to update the Lambda function's role policies:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to the IAM console.

  3. In the navigation pane, select Roles.

  4. Select the role to be modified.

  5. Navigate to the Permissions tab.

  6. Delete the policy granting administrator privileges.

Important:

The principle of least privilege should be upheld, and restrictive permissions should be assigned to the role.

Reference:


Blue Hexagon Proprietary