04 - Lambda Shared IAM Role

Ensure Lambda functions use there own IAM roles in enforce least privileged access

Ensure that your Lambda functions are not all leveraging the same IAM role in order to follow best practice in relation to RBAC and least privileged access. For this reason this is considered a security best practice and should have a unique IAM role assigned to each function. Ensuring this is enabled will help you with PCI-DSS compliance.

Audit & Remediation

Login into your AWS account
Navigate to the lambda service at: https://console.aws.amazon.com/lambda
On the left hand panel select Functions.

Select the function under Function name in order to gain access to the individual function.
Select the Permissions tab then make note of the Role name under the Execution role section.

Make note of the Role name that is being used.
Repeat the outlined steps for each function.
Repeat the outlined steps for each region you have functions running.
For any functions or IAM roles that have been flagged, create a new IAM role for each and replace the IAM role associated with function.

See all of your AWS Lambda Functions in a single place!

Do you want to see all of your Lambda Functions in once place for all regions and all accounts?
Login to our online demo to see exactly what this looks like.
demo.intelligentdiscovery.io

Other Key Features

Inventory

Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

learn more +

Cost & Usage

Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.