AWS-Lambda-env-variable-in-transit-encrytion-uses-aws-helpers

Severity: Medium

Description: This control ensures that Lambda environment variables are encrypted before they are stored. Lambda environment variables can contain sensitive information and should be encrypted using the AWS Lambda helpers for encryption in transit.

Remediation Steps:

Perform the following steps to enable environment variable encryption in transit for Lambda:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to the AWS Lambda console.

  3. In the navigation pane, select Functions.

  4. Select the function to be modified.

  5. Navigate to Environment Variables.

  6. Expand the Encryption Configuration.

  7. Click on the checkbox for Enable helpers for encryption in transit.

  8. Choose a KMS key for encryption.

  9. An Encrypt button will appear next to each environment variable.

  10. Click on Encrypt to encrypt each environment variable.

  11. Click Save changes to apply.
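
Once the variables have been encrypted with the helpers, the function receives each value as base64-encoded KMS ciphertext and has to decrypt it in its own code. The following Python is an added example, not part of the original control text and not AWS's own code; the variable name DB_PASSWORD, the handler and the EnvSecretError class are hypothetical, and it assumes the function's execution role is allowed kms:Decrypt on the key chosen in step 8.

```python
import base64
import binascii
import os


class EnvSecretError(Exception):
    """Raised when a variable is missing or cannot be helper-encrypted ciphertext."""


def decrypt_env(name, kms_client, environ=os.environ):
    """Return the plaintext of one helper-encrypted environment variable.

    kms_client is a boto3 KMS client, or any object with the same decrypt()
    keyword arguments (which is what lets this be tested offline).
    """
    value = environ.get(name)
    if not value:
        raise EnvSecretError(f"{name} is not set")
    try:
        blob = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        # Not base64 at all: the value was most likely saved without clicking
        # Encrypt and is still plaintext in the function configuration.
        raise EnvSecretError(f"{name} is not base64 ciphertext") from exc
    # The console helper binds the ciphertext to the function name through the
    # KMS encryption context, so the same context has to be supplied here.
    context = {"LambdaFunctionName": environ["AWS_LAMBDA_FUNCTION_NAME"]}
    resp = kms_client.decrypt(CiphertextBlob=blob, EncryptionContext=context)
    return resp["Plaintext"].decode("utf-8")


_cache = {}  # survives warm invocations, so KMS is called once per container


def handler(event, context):
    """Hypothetical Lambda entry point using the helper above."""
    import boto3  # imported lazily so the module also loads outside Lambda

    if "DB_PASSWORD" not in _cache:
        _cache["DB_PASSWORD"] = decrypt_env("DB_PASSWORD", boto3.client("kms"))
    # Use _cache["DB_PASSWORD"] here; never log or return the plaintext.
    return {"ok": True}
```

A plaintext value that happens to be valid base64 passes the local check and is rejected by KMS itself when decrypt() is called.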

Important:

Reference:

Blue Hexagon Proprietary