turbot/steampipe-mod-aws-compliance

Control: Lambda functions should use latest runtimes

Description

This control checks that the Lambda function settings for runtimes match the expected values set for the latest runtimes for each supported language. This control checks for the following runtimes: nodejs20.x, nodejs18.x, nodejs16.x, python3.12, python3.11, python3.10, python3.9, python3.8, ruby3.3, ruby3.2, java21, java17, java11, java8.al2, dotnet8, dotnet6

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.lambda_function_use_latest_runtime

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.lambda_function_use_latest_runtime --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    when package_type <> 'Zip' then 'skip'
    when runtime like any ($1) then 'ok'
    when runtime like any ($2) then 'alarm'
    else 'info'
  end as status,
  case
    when package_type <> 'Zip' then title || ' package type is ' || package_type || '.'
    when runtime like any ($1) then title || ' uses latest runtime - ' || runtime || '.'
    when runtime like any ($2) then title || ' uses ' || runtime || ' which is not the latest version.'
    else title || ' uses runtime ' || runtime || ' which is yet to be released.'
  end as reason,
  region,
  account_id
from
  aws_lambda_function;

Params

| Args | Name | Default | Description | Variable |
|------|------|---------|-------------|----------|
| $1 | lambda_latest_runtimes | ["nodejs20.x","nodejs18.x","nodejs16.x","python3.12","python3.11","python3.10","python3.9","ruby3.3","ruby3.2","java21","java17","java11","java8.al2","dotnet8","dotnet6"] | A list of latest lambda runtimes. | |
| $2 | lambda_deprecated_runtimes | ["java8","go1.x","provided","ruby2.7","nodejs14.x","python3.7","python3.8","dotnetcore3.1","nodejs12.x","python3.6","dotnet5.0","dotnetcore2.1","nodejs10.x","ruby2.5","python2.7","nodejs8.10","nodejs4.3","nodejs4.3-edge","nodejs6.10","dotnetcore1.0","dotnetcore2.0","nodejs"] | A list of deprecated lambda runtimes. | |
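
The following is an added example, not part of the mod: it runs the control's status logic in PostgreSQL over constructed rows, with the Default arrays listed under Params inlined in place of $1 and $2. The sample_function rows, their titles and the params CTE are assumptions made for illustration.

```sql
-- Added example. The params CTE stands in for $1 and $2 (Default values from
-- the Params section); sample_function stands in for aws_lambda_function.
with params as (
  select
    array['nodejs20.x','nodejs18.x','nodejs16.x','python3.12','python3.11',
          'python3.10','python3.9','ruby3.3','ruby3.2','java21','java17',
          'java11','java8.al2','dotnet8','dotnet6']::text[] as latest,
    array['java8','go1.x','provided','ruby2.7','nodejs14.x','python3.7',
          'python3.8','dotnetcore3.1','nodejs12.x','python3.6','dotnet5.0',
          'dotnetcore2.1','nodejs10.x','ruby2.5','python2.7','nodejs8.10',
          'nodejs4.3','nodejs4.3-edge','nodejs6.10','dotnetcore1.0',
          'dotnetcore2.0','nodejs']::text[] as deprecated
),
-- Constructed rows, one per branch of the case expression.
sample_function (title, package_type, runtime) as (
  values
    ('orders-api',  'Zip',   'python3.12'),   -- runtime is in the $1 list
    ('legacy-etl',  'Zip',   'python3.8'),    -- runtime is only in the $2 list
    ('img-resizer', 'Image', null),           -- container image, no runtime set
    ('custom-rt',   'Zip',   'provided.al2')  -- runtime is in neither list
)
select
  f.title,
  f.package_type,
  f.runtime,
  case
    when f.package_type <> 'Zip' then 'skip'
    -- The list entries contain no % or _ wildcards, so LIKE ANY behaves as an
    -- exact match against each array element.
    when f.runtime like any (p.latest) then 'ok'
    when f.runtime like any (p.deprecated) then 'alarm'
    else 'info'
  end as status
from
  sample_function as f
  cross join params as p
order by
  f.title;
```

Because the list entries are matched exactly, a runtime that appears in neither list (provided.al2 in the constructed rows) falls through to the else branch and is reported as info with the "yet to be released" reason, so info results are worth reviewing whenever the two lists lag behind the runtimes in use.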

Tags