CloudFormation Guard rules template for AWS Lambda resources
The following rules are included:
# Select every resource in the template whose Type is AWS::Lambda::Function.
# Each rule in this file is gated on this selection being non-empty, so a
# template with no Lambda functions skips all of them.
let lambda_functions = Resources.*[ Type == "AWS::Lambda::Function" ]
# Fails any Lambda function whose Runtime value appears on the deny-list below.
# A function that declares no Runtime property is not evaluated by this rule.
# NOTE(review): the deny-list is a fixed snapshot. A runtime that reaches end of
# support after the list was written is not flagged until it is added here, so
# review the list against the current Lambda runtime support policy.
# NOTE(review): a Runtime supplied through an intrinsic function (for example a
# Ref to a template parameter) is not a literal string - confirm how such
# templates evaluate before relying on this rule for them.
rule lambda_obsolete_runtime when %lambda_functions !empty {
    let obsolete_runtimes = [
        "dotnetcore2.1", "python2.7", "ruby2.5", "nodejs10.x", "nodejs8.10",
        "nodejs6.10", "nodejs4.3-edge", "nodejs4.3", "nodejs",
        "dotnetcore2.0", "dotnetcore1.0"
    ]

    %lambda_functions {
        Properties {
            when Runtime exists {
                Runtime !in %obsolete_runtimes <<Lambda function is using an obsolete runtime.>>
            }
        }
    }
}
# Fails any Lambda function that has no VpcConfig property.
# NOTE(review): this is a presence check only. It does not inspect SubnetIds or
# SecurityGroupIds, so an empty VpcConfig block would still satisfy it; add
# checks on those keys if the policy requires a usable VPC attachment.
rule lambda_in_vpc when %lambda_functions !empty {
    %lambda_functions {
        Properties.VpcConfig exists <<Lambda function is not configured in a VPC.>>
    }
}
# Fails any Lambda function that has no DeadLetterConfig property.
# NOTE(review): only the key's presence is tested; the rule does not verify that
# a TargetArn is set inside DeadLetterConfig.
rule lambda_dead_letter_queue_configured when %lambda_functions !empty {
    %lambda_functions {
        Properties.DeadLetterConfig exists <<Dead letter config is not configured.>>
    }
}
# Fails any Lambda function that has no CodeSigningConfigArn property.
# NOTE(review): this confirms a signing configuration is referenced, not what it
# enforces. The referenced AWS::Lambda::CodeSigningConfig decides through
# CodeSigningPolicies.UntrustedArtifactOnDeployment (Warn or Enforce) whether an
# unsigned or untrusted artifact is blocked; check that resource separately if
# deployments must be rejected rather than logged.
rule lambda_code_signing_enabled when %lambda_functions !empty {
    %lambda_functions {
        Properties.CodeSigningConfigArn exists <<Code signing is disabled.>>
    }
}
# Fails any Lambda function that has no ReservedConcurrentExecutions property.
# NOTE(review): the value itself is not bounded here. Any number satisfies the
# rule, including 0, which stops the function from being invoked at all; add a
# range check if the policy expects a sensible limit.
rule lambda_function_concurrent_execution_limit_configured when %lambda_functions !empty {
    %lambda_functions {
        Properties.ReservedConcurrentExecutions exists <<Lambda function concurrent execution limit is not configured.>>
    }
}