AWS Lambda, launched in 2015, is a service which allows customers to create event driven serverless functions of short duration.
Since then Lambda has become amazingly popular, Lambda functions are widely used for many different purposes ranging from low latency web applications and IoT, to AWS account operational and maintenance tasks.
Just like any other application in the cloud, a vulnerable or poorly configured Lambda function can lead to data loss, privilege escalation and even AWS account takeover, see for example this blog post.
I’ve created “10 steps to Lambda security” based on my experience of working with customers using AWS Lambda:
© 2018 Paul Schwarzenberger www.celidor.co.uk May be used with acknowledgement
Paul Schwarzenberger is a Cloud Security Architect and DevSecOps specialist