Control: Lambda functions CORS configuration should not allow all origins
Description
Enable this rule to ensure that the CORS configuration for your Lambda functions does not allow all origins.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.lambda_function_cors_configuration
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.lambda_function_cors_configuration --share
SQL
This control uses a named query:
select
  arn as resource,
  case
    when url_config is null then 'info'
    when url_config -> 'Cors' ->> 'AllowOrigins' = '["*"]' then 'alarm'
    else 'ok'
  end as status,
  case
    when url_config is null then title || ' does not has a URL config.'
    when url_config -> 'Cors' ->> 'AllowOrigins' = '["*"]' then title || ' CORS configuration allows all origins.'
    else title || ' CORS configuration does not allow all origins.'
  end as reason,
  region,
  account_id
from
  aws_lambda_function;
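The query above compares the text of AllowOrigins to the exact string '["*"]'. The following added example (not part of the aws_compliance mod) runs that same comparison over constructed url_config values in plain PostgreSQL, next to a hypothetical stricter column, any_wildcard_status, that alarms when "*" is any element of the list; the two columns differ only for the row that lists "*" alongside another origin. The function names and JSON values are assumptions made up for illustration.

```sql
-- Constructed sample rows standing in for aws_lambda_function (title, url_config).
-- They are illustrative only; the mixed list is there to show how the string
-- comparison behaves, not to claim the Lambda API accepts it.
with sample_functions(title, url_config) as (
  values
    ('fn-no-url',         null::jsonb),
    ('fn-wildcard-only',  '{"Cors": {"AllowOrigins": ["*"]}}'::jsonb),
    ('fn-wildcard-mixed', '{"Cors": {"AllowOrigins": ["https://app.example.com", "*"]}}'::jsonb),
    ('fn-pinned-origin',  '{"Cors": {"AllowOrigins": ["https://app.example.com"]}}'::jsonb),
    ('fn-url-no-cors',    '{"AuthType": "AWS_IAM"}'::jsonb)
)
select
  title,
  -- Status exactly as the control's named query computes it:
  -- ->> renders the whole array as text, so only a one-element ["*"] matches.
  case
    when url_config is null then 'info'
    when url_config -> 'Cors' ->> 'AllowOrigins' = '["*"]' then 'alarm'
    else 'ok'
  end as control_status,
  -- Hypothetical stricter variant: the jsonb ? operator tests whether '*'
  -- is an element of the array, regardless of what else is listed.
  -- coalesce() maps a missing Cors/AllowOrigins key (NULL) to false.
  case
    when url_config is null then 'info'
    when coalesce(url_config -> 'Cors' -> 'AllowOrigins' ? '*', false) then 'alarm'
    else 'ok'
  end as any_wildcard_status
from
  sample_functions
order by
  title;
```

A function URL with no Cors block is reported as 'ok' by both columns, since there is no AllowOrigins list to evaluate.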