Benchmark: Lambda
Description
This section contains recommendations for configuring Lambda resources.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select Lambda.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.all_controls_lambdaSnapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.all_controls_lambda --shareControls
- Lambda functions CloudTrail logging should be enabled
- Ensure Cloudwatch Lambda insights is enabled
- Lambda functions concurrent execution limit configured
- Lambda functions CORS configuration should not allow all origins
- Lambda functions should be configured with a dead-letter queue
- Ensure encryption in transit is enabled for Lambda environment variables
- Lambda functions should be in a VPC
- Ensure Lambda function logging config is enabled
- Lambda functions should operate in more than one availability zone
- Lambda functions should restrict public access
- Lambda functions should restrict public URL
- Lambda functions tracing should be enabled
- Lambda functions should use latest runtimes
- Lambda functions variable should not have any sensitive data