Benchmark: Lambda
Description
This benchmark provides a set of controls that detect Terraform AWS Lambda resources deviating from security best practices.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-terraform-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select Lambda.
Run this benchmark in your terminal:
powerpipe benchmark run terraform_aws_compliance.benchmark.lambda
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run terraform_aws_compliance.benchmark.lambda --share
Controls
- Lambda functions should have code signing configured
- Lambda functions concurrent execution limit configured
- Lambda functions should be configured with a dead-letter queue
- Lambda functions variable encryption should be enabled
- Lambda functions should be in a VPC
- Lambda functions should not have URLs AuthType as 'None'
- Lambda functions should use latest runtimes
- Lambda functions variable should not have any sensitive data
- Lambda functions xray tracing should be enabled
- Lambda permissions should restrict service permission by source account or source arn
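As an added illustration (not code from the mod or from Turbot), the Terraform below sets the AWS provider arguments that correspond to the control titles above. Resource names, variables, the file path and the runtime value are constructed placeholders; how the benchmark's queries evaluate each control is not shown on this page.

```hcl
# Added example: every name, variable and value here is a hypothetical placeholder.
variable "role_arn"           { type = string }
variable "signing_config_arn" { type = string }
variable "dlq_arn"            { type = string }
variable "kms_key_arn"        { type = string }
variable "subnet_ids"         { type = list(string) }
variable "security_group_ids" { type = list(string) }
variable "source_bucket_arn"  { type = string }
variable "source_account_id"  { type = string }

resource "aws_lambda_function" "example" {
  function_name = "example-handler"
  role          = var.role_arn
  filename      = "build/handler.zip"
  handler       = "handler.main"
  runtime       = "python3.12" # constructed value; use a currently supported runtime

  code_signing_config_arn        = var.signing_config_arn # code signing
  reserved_concurrent_executions = 10                     # concurrent execution limit
  kms_key_arn                    = var.kms_key_arn        # environment variable encryption

  dead_letter_config { target_arn = var.dlq_arn } # dead-letter queue
  tracing_config { mode = "Active" }              # X-Ray tracing

  vpc_config { # run inside a VPC
    subnet_ids         = var.subnet_ids
    security_group_ids = var.security_group_ids
  }

  environment {
    variables = {
      LOG_LEVEL = "info" # non-sensitive settings only; keep secrets in a secrets store
    }
  }
}

resource "aws_lambda_function_url" "example" {
  function_name      = aws_lambda_function.example.function_name
  authorization_type = "AWS_IAM" # weak setting would be "NONE"
}

resource "aws_lambda_permission" "s3_invoke" {
  statement_id   = "AllowS3Invoke"
  action         = "lambda:InvokeFunction"
  function_name  = aws_lambda_function.example.function_name
  principal      = "s3.amazonaws.com"
  source_arn     = var.source_bucket_arn # weak: omitting both source_arn
  source_account = var.source_account_id # and source_account
}
```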