AWS-Lambda-function-cross-account-access-disallowed

Severity: High

Description: This control ensures that a Lambda function does not allow cross-account invocation. Cross-account access should not be granted to a Lambda function. Cross-account access could allow unauthorized or unwanted invocations of the function and lead to leakage of data.

Remediation Steps:

Perform the following steps to remove cross-account triggers from a Lambda function:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to the AWS Lambda console.

  3. In the navigation pane, select Functions.

  4. Select the function to be modified.

  5. Navigate to Designer.

  6. Delete the trigger with cross-account access.

  7. Click Save changes to apply.
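To find which triggers are cross-account before deleting them, the function's resource-based policy can be checked offline. The following is an added example, not part of the original control text: the helper names, the account IDs and the sample policy are constructed, and it assumes the policy JSON has the shape of the Policy string returned by `aws lambda get-policy`.

```python
import json
import re

ACCOUNT_ID = re.compile(r"(?:^|:)(\d{12})(?::|$)")  # bare account ID or ARN account field
SOURCE_KEYS = {"aws:sourceaccount", "aws:sourcearn"}  # condition keys are case-insensitive

def as_list(value):
    return value if isinstance(value, list) else [value]

def account_of(value):
    """Return the 12-digit account ID in a bare ID or an ARN, or None."""
    match = ACCOUNT_ID.search(value)
    return match.group(1) if match else None

def cross_account_statements(policy_json, owner_account):
    """Return [(Sid, [foreign principals])] for Allow statements reaching outside owner_account."""
    findings = []
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # "Principal": "*"
            principal = {"AWS": principal}
        # Unparseable AWS principals ("*", unique IDs) are kept raw so they get flagged.
        seen = {account_of(p) or p for p in as_list(principal.get("AWS", []))}
        if "Service" in principal:
            # Service triggers (S3, SNS, ...) are scoped by source conditions, not the principal.
            for operands in stmt.get("Condition", {}).values():
                for key, values in operands.items():
                    if key.lower() in SOURCE_KEYS:
                        seen |= {account_of(v) for v in as_list(values)} - {None}
        foreign = sorted(a for a in seen if a != owner_account)
        if foreign:
            findings.append((stmt.get("Sid", "<no Sid>"), foreign))
    return findings

# Constructed sample policy; the function owner is assumed to be account 111111111111.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "SameAccountRole", "Effect": "Allow", "Action": "lambda:InvokeFunction",
     "Principal": {"AWS": "arn:aws:iam::111111111111:role/app"}},
    {"Sid": "PartnerInvoke", "Effect": "Allow", "Action": "lambda:InvokeFunction",
     "Principal": {"AWS": "arn:aws:iam::222222222222:root"}},
    {"Sid": "S3Trigger", "Effect": "Allow", "Action": "lambda:InvokeFunction",
     "Principal": {"Service": "s3.amazonaws.com"},
     "Condition": {"StringEquals": {"AWS:SourceAccount": "333333333333"},
                   "ArnLike": {"AWS:SourceArn": "arn:aws:s3:::constructed-bucket"}}},
    {"Sid": "Public", "Effect": "Allow", "Action": "lambda:InvokeFunction", "Principal": "*"},
]})

if __name__ == "__main__":
    for sid, principals in cross_account_statements(SAMPLE_POLICY, "111111111111"):
        print(f"{sid}: cross-account access for {', '.join(principals)}")
```

Service-principal statements that carry no source-account or source-ARN condition are not flagged by this check and should be reviewed separately.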

Important:

Reference:

Blue Hexagon Proprietary