AWS Lambda is a serverless computing service that contributes significantly to the performance of your cloud infrastructure. Pay close attention to the account access settings for your AWS Lambda resources to ensure that your cloud resources are not manipulated or misused.
Protect your AWS Lambda resources from cross-account access
Lambda allows function invocation from both known and unknown sources. Allowing function invocation from unknown sources is not recommended: when an unauthorized source can invoke a function, the result is cross-account access. Avoid this situation so that your Lambda resources can be used securely, without the risk of a security breach.
Centilytics has a dedicated insight for Lambda cross-account access. This check warns the user whenever there is an unknown function invocation in their Lambda function requests.
There can be two possible scenarios:

| Severity | Description |
|---|---|
| Critical | This indication is displayed when your account is not secure and allows unauthorized access. |
| OK | This indication is displayed when your account is secure and allows authorized access. |
Descriptions of the other columns are as follows:
- Account Id: This column shows the account ID of the user’s account.
- Account Name: This column shows the account name corresponding to the user’s account.
- Region: This column shows the region in which the corresponding resource exists.
- Function Name: This column shows the name of your Lambda function.
- Identifier: This column shows the ARN (Amazon Resource Name) of your Lambda function, which uniquely identifies each resource.

| Filter | Description |
|---|---|
| Account Id | Applying the account Id filter will display data for the selected account Id. |
| Region | Applying the region filter will display data corresponding to the selected region. |
| Severity | Applying the severity filter will display resources according to the selected severity type. For example, selecting Critical will display all resources with critical severity. The same applies to the Warning and OK severity types. |
| Resource Tags | Applying the resource tags filter will display the resources that have been assigned the selected resource tag. For example, if a user has tagged some resources with a resource tag named environment, selecting environment from the resource tags filter will display all resources tagged with the tag name environment. |
| Resource Tags Value | Applying the resource tags value filter will display data that has the selected resource tag value. For example, say a user has tagged some resources with a tag named environment and the value production (environment: production). The user can then view data for all resources that have the “environment:production” tag assigned. The tag value filter can be used only when a tag name has been provided. |
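The Critical/OK classification described above can be reproduced against a function's resource-based policy; the following is an added example, not Centilytics' implementation. It goes slightly beyond the text by also flagging service principals that are not pinned to a trusted account, and it is deliberately conservative about wildcard principals. The account IDs, function name, `TRUSTED` set and helper names are constructed for illustration.

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Account ID from an ARN or a bare 12-digit ID; '*' is returned as-is."""
    fields = principal.split(":")
    return fields[4] if principal.startswith("arn:") and len(fields) > 4 else principal

def _source_accounts(condition):
    """Accounts named by aws:SourceAccount / aws:SourceArn (keys are case-insensitive)."""
    accounts = set()
    for operands in condition.values():
        for key, values in operands.items():
            if key.lower() in ("aws:sourceaccount", "aws:sourcearn"):
                accounts.update(_account_of(v) for v in _as_list(values))
    accounts.discard("")  # e.g. S3 bucket ARNs carry no account ID
    return accounts

def check_policy(policy_json, trusted_accounts):
    """Return ('Critical' | 'OK', reasons) for one Lambda resource-based policy."""
    reasons = []
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # A bare "*" principal is equivalent to {"AWS": "*"}: any account may invoke.
        principal = {"AWS": "*"} if stmt.get("Principal") == "*" else stmt.get("Principal", {})
        sid = stmt.get("Sid", "<no Sid>")
        for p in _as_list(principal.get("AWS", [])):
            if _account_of(p) not in trusted_accounts:
                reasons.append(f"{sid}: principal {p} is outside the trusted accounts")
        if "Service" in principal:
            sources = _source_accounts(stmt.get("Condition", {}))
            if not sources or not sources <= trusted_accounts:
                reasons.append(f"{sid}: service principal not pinned to a trusted account")
    return ("Critical" if reasons else "OK"), reasons

TRUSTED = {"111111111111"}  # constructed account ID standing in for the function owner

def sample_policy(principal, condition=None):
    """Constructed policy shaped like the Policy field from `aws lambda get-policy`."""
    stmt = {"Sid": "s1", "Effect": "Allow", "Action": "lambda:InvokeFunction",
            "Principal": principal, "Condition": condition or {},
            "Resource": "arn:aws:lambda:us-east-1:111111111111:function:example-fn"}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

if __name__ == "__main__":
    print(check_policy(sample_policy({"AWS": "arn:aws:iam::999999999999:root"}), TRUSTED))
    print(check_policy(sample_policy({"AWS": "arn:aws:iam::111111111111:role/app"}), TRUSTED))
```

To run it on a real function, pass the JSON string from the `Policy` field of `aws lambda get-policy` output together with your own set of approved account IDs.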