Control: Lambda functions should use latest runtimes
Description
This control checks that the runtime configured for each Lambda function matches one of the values the control treats as the latest runtimes for each supported language. The accepted runtimes are: nodejs14.x, nodejs12.x, nodejs10.x, python3.8, python3.7, python3.6, ruby2.7, ruby2.5, java11, java8, go1.x, dotnetcore3.1, dotnetcore2.1. A function with no runtime set is skipped, and any runtime outside this list is reported as an alarm.
Usage
Run the control in your terminal:
powerpipe control run terraform_aws_compliance.control.lambda_function_use_latest_runtime
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run terraform_aws_compliance.control.lambda_function_use_latest_runtime --share
SQL
This control uses a named query:
select
  address as resource,
  case
    when (attributes_std ->> 'runtime') is null then 'skip'
    when (attributes_std ->> 'runtime') in ('nodejs14.x', 'nodejs12.x', 'nodejs10.x', 'python3.8', 'python3.7', 'python3.6', 'ruby2.5', 'ruby2.7', 'java11', 'java8', 'go1.x', 'dotnetcore2.1', 'dotnetcore3.1') then 'ok'
    else 'alarm'
  end as status,
  split_part(address, '.', 2) || case
    when (attributes_std ->> 'runtime') is null then ' runtime not set'
    when (attributes_std ->> 'runtime') in ('nodejs14.x', 'nodejs12.x', 'nodejs10.x', 'python3.8', 'python3.7', 'python3.6', 'ruby2.5', 'ruby2.7', 'java11', 'java8', 'go1.x', 'dotnetcore2.1', 'dotnetcore3.1') then ' uses latest runtime - ' || (attributes_std ->> 'runtime') || '.'
    else ' uses ' || (attributes_std ->> 'runtime') || ' which is not the latest version.'
  end as reason,
  path || ':' || start_line
from
  terraform_resource
where
  type = 'aws_lambda_function';
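The same skip/ok/alarm decision applied to `terraform show -json` plan output, including functions declared in child modules. This is an added example, not part of the mod or this page's own code; the names `check_plan`, `iter_resources` and `SAMPLE_PLAN` are hypothetical and the sample plan is constructed.

```python
import json

# Allow list copied from the control's query on this page.
ALLOWED_RUNTIMES = {
    "nodejs14.x", "nodejs12.x", "nodejs10.x", "python3.8", "python3.7",
    "python3.6", "ruby2.7", "ruby2.5", "java11", "java8", "go1.x",
    "dotnetcore3.1", "dotnetcore2.1",
}

def iter_resources(module):
    """Yield the resources of a plan module and of all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def check_plan(plan):
    """Return (address, status, reason) for every aws_lambda_function in the plan."""
    results = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "aws_lambda_function":
            continue
        name = res.get("name", res["address"])
        runtime = (res.get("values") or {}).get("runtime")
        if runtime is None:  # e.g. container-image functions set no runtime
            status, reason = "skip", f"{name} runtime not set"
        elif runtime in ALLOWED_RUNTIMES:
            status, reason = "ok", f"{name} uses latest runtime - {runtime}."
        else:  # anything outside the fixed list, newer runtimes included
            status, reason = "alarm", f"{name} uses {runtime} which is not the latest version."
        results.append((res["address"], status, reason))
    return results

# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_lambda_function.api", "type": "aws_lambda_function", "name": "api", "values": {"runtime": "python3.8"}},
    {"address": "aws_lambda_function.img", "type": "aws_lambda_function", "name": "img", "values": {"package_type": "Image"}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "name": "logs", "values": {}}],
  "child_modules": [{"address": "module.jobs", "resources": [
    {"address": "module.jobs.aws_lambda_function.worker", "type": "aws_lambda_function", "name": "worker", "values": {"runtime": "python3.12"}}]}]
}}}
""")

if __name__ == "__main__":
    for address, status, reason in check_plan(SAMPLE_PLAN):
        print(f"{status:5} {address}: {reason}")
```

Because the allow list is fixed, the `python3.12` function in the sample is reported as an alarm even though it is newer than every Python runtime in the list, so the list needs review whenever the control is adopted.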