AWS-Lambda-Lambda-Admin-Privileges

Severity: High

Description: This control ensures that the IAM execution role used by a Lambda function does not carry administrator permissions (for example the AWS managed policy AdministratorAccess, or an inline statement allowing Action "*") and does not use a wildcard ("*") as the resource in its permission statements. Following the principle of least privilege, Lambda functions should not have administrative permissions and should be granted only the permissions the function's code actually needs, scoped to the specific resources it touches. Assigning wildcard resources in a Lambda function's permissions means a compromised function (for example through a dependency or input-handling flaw) can reach every resource of that type in the account, turning a single-function compromise into an account-wide security breach.

Remediation Steps:

Perform the following to update the Lambda function role's policies:

  1. Login to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to IAM console.

  3. In the navigation pane, select Roles.

  4. Select the role to be modified.

  5. Navigate to Permissions tab.

  6. Detach the managed policy (or delete the inline policy) granting administrator privileges or wildcard resources, and attach in its place a policy limited to the actions and resource ARNs the function requires.
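The control above checks for two things in a role's policies: an Allow statement whose Action is "*" (administrator privileges) and an Allow statement whose Resource is "*" (wildcard resource). The following Python is an added example of that check and of the corrected policy shape described in the remediation steps; it is not Blue Hexagon's own checker, and the rule it applies (flag every Allow statement with Action "*" or Resource "*", plus the AdministratorAccess managed policy by ARN) is an assumption about how the control evaluates a role. The policy documents, bucket name, account ID and function name are constructed for illustration.

```python
"""Detect admin / wildcard grants in a Lambda execution role's IAM policies.

Added example for the AWS-Lambda-Lambda-Admin-Privileges control (not Blue
Hexagon's own code). Policy documents below are constructed samples; the
evaluation rule is an assumption about how the control scores a role.
"""
import json

# Real AWS managed policy ARN; its document is Allow Action "*" on Resource "*".
ADMIN_MANAGED_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"


def _as_list(value):
    """IAM accepts a string or a list for Statement/Action/Resource; normalise."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def policy_findings(policy_doc):
    """Return (statement id, kind) findings for one parsed IAM policy document.

    kind is 'admin-action' for Effect Allow with Action "*", and
    'wildcard-resource' for Effect Allow with Resource "*".
    Deny statements are never findings, whatever they contain.
    """
    findings = []
    for i, stmt in enumerate(_as_list(policy_doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid") or f"Statement[{i}]"
        if "*" in _as_list(stmt.get("Action")):
            findings.append((sid, "admin-action"))
        if "*" in _as_list(stmt.get("Resource")):
            findings.append((sid, "wildcard-resource"))
    return findings


def role_findings(policies):
    """Evaluate every policy on one role.

    policies maps an identifier (managed policy ARN or inline policy name)
    to its parsed document, or to None when only the ARN is known.
    """
    findings = []
    for ident, doc in policies.items():
        if ident == ADMIN_MANAGED_POLICY_ARN:
            findings.append((ident, "admin-managed-policy"))
        if doc is not None:
            findings.extend((f"{ident}/{sid}", kind) for sid, kind in policy_findings(doc))
    return findings


def role_is_compliant(policies):
    """True when no policy on the role triggers the control."""
    return not role_findings(policies)


# Constructed "before" policy: what the control flags.
WEAK_INLINE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowEverything", "Effect": "Allow", "Action": "*", "Resource": "*"}
    ],
}

# Constructed "after" policy: only the actions the function needs, each scoped
# to a specific resource ARN (hypothetical bucket, account ID and function name).
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadInputObjects",
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-input-bucket/*",
        },
        {
            "Sid": "WriteOwnLogs",
            "Effect": "Allow",
            "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
            "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/example-fn:*",
        },
    ],
}

if __name__ == "__main__":
    before = {ADMIN_MANAGED_POLICY_ARN: None, "lambda-inline": WEAK_INLINE_POLICY}
    after = {"lambda-inline": LEAST_PRIVILEGE_POLICY}
    print(json.dumps({"before": role_findings(before), "after": role_findings(after)}, indent=2))
```

To run this against a live role, collect the inputs with the AWS CLI: `aws lambda get-function-configuration --function-name <fn>` returns the role ARN; `aws iam list-attached-role-policies --role-name <role>` and `aws iam list-role-policies --role-name <role>` list the managed and inline policies; `aws iam get-policy-version` (with the DefaultVersionId from `aws iam get-policy`) and `aws iam get-role-policy` return the documents to feed into `role_findings`. Remediation then maps to `aws iam detach-role-policy` and `aws iam delete-role-policy` followed by attaching the scoped policy. One caveat when triaging a `wildcard-resource` finding: a small number of read-only actions (many `Describe*`/`List*` calls) do not support resource-level permissions and can only be granted on Resource "*"; those are review items to confirm, not automatically defects, whereas an `admin-action` finding is always a violation.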

Important:

The principle of least privilege should be upheld: the role should be granted only the specific actions the function performs, on the specific resource ARNs it uses, rather than wildcard actions or resources.

Blue Hexagon Proprietary