AWS-Lambda-Lambda-Public-Access

Severity: High

Description: This control ensures that a Lambda function is not exposed publicly through a wildcard in the Principal element of its function policy. Access to Lambda functions should be restricted and granted only to authorized users.

Remediation Steps:

Perform the following to remove anonymous access from the Lambda function:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to the AWS Lambda console.

  3. In the navigation pane, select Functions.

  4. Select the function to be modified.

  5. Navigate to Designer.

  6. Delete the trigger with cross-account access.

  7. Click Save changes to apply.
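
To find which policy statements the control is flagging before deleting anything, the function policy can be checked offline. The following is an added example, not part of the original control text or any vendor tooling: it scans a function policy document (the JSON in the "Policy" field returned by `aws lambda get-policy`) for Allow statements with a wildcard Principal. The sample policy, account IDs, ARNs and Sids are constructed placeholders, and treating a Condition block as "needs manual review" is an assumption of this example.

```python
import json

# Constructed sample of the document in the "Policy" field returned by
# `aws lambda get-policy`. Account IDs, ARNs, org ID and Sids are placeholders.
FN_ARN = "arn:aws:lambda:us-east-1:111122223333:function:example"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "public-invoke", "Effect": "Allow", "Principal": "*",
         "Action": "lambda:InvokeFunction", "Resource": FN_ARN},
        {"Sid": "org-wide", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "lambda:InvokeFunction", "Resource": FN_ARN,
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorg"}}},
        {"Sid": "s3-trigger", "Effect": "Allow",
         "Principal": {"Service": "s3.amazonaws.com"},
         "Action": "lambda:InvokeFunction", "Resource": FN_ARN},
        {"Sid": "one-account", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
         "Action": "lambda:InvokeFunction", "Resource": FN_ARN},
    ],
})


def _as_list(value):
    """IAM allows a single value or a list in most policy fields."""
    return value if isinstance(value, list) else [value]


def has_wildcard_principal(principal):
    """True for "Principal": "*" and for {"AWS": "*"} style mappings."""
    values = principal.values() if isinstance(principal, dict) else [principal]
    return any("*" in _as_list(v) for v in values)


def find_public_statements(policy_json):
    """Return the Allow statements whose Principal contains a wildcard."""
    # "conditioned" marks statements narrowed by a Condition block; this
    # example assumes those still need manual review rather than a pass.
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") == "Allow" and has_wildcard_principal(stmt.get("Principal")):
            findings.append({"sid": stmt.get("Sid", "<no Sid>"),
                             "conditioned": bool(stmt.get("Condition"))})
    return findings


if __name__ == "__main__":
    for finding in find_public_statements(SAMPLE_POLICY):
        print(finding)
```

Each reported Sid corresponds to one permission on the function; the CLI equivalent of deleting it in the console is `aws lambda remove-permission` with `--function-name` and `--statement-id`.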

Important:

  • Restricting the access policy for function exposure may limit who can trigger the function. Reconfiguration may be required to invoke the function.

Reference:

Blue Hexagon Proprietary