CloudFormation Guard rules template for AWS Lambda resources

The following rules are included: 

  • No Obsolete Runtimes Used
  • Lambda Function in VPC
  • Dead Letter Queue Configured
  • Code Signing Enabled
  • Concurrent Execution Limit Configured

let lambda_functions = Resources.*[
	Type == "AWS::Lambda::Function"
]

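rule lambda_obsolete_runtime when %lambda_functions !empty {
	# Runtime identifiers AWS has deprecated: they no longer receive security
	# patches and function creation/update is eventually blocked. This is a
	# point-in-time snapshot; keep it in sync with the AWS Lambda runtime
	# deprecation table when new runtimes reach end of support.
	let obsolete_runtimes = [
		"dotnetcore1.0", "dotnetcore2.0", "dotnetcore2.1", "dotnetcore3.1",
		"go1.x",
		"nodejs", "nodejs4.3", "nodejs4.3-edge", "nodejs6.10", "nodejs8.10",
		"nodejs10.x", "nodejs12.x", "nodejs14.x",
		"python2.7", "python3.6", "python3.7",
		"ruby2.5", "ruby2.7"
	]
	%lambda_functions {
		Properties {
			# Container-image functions (PackageType: Image) declare no Runtime,
			# so only evaluate the clause when the property is present.
			when Runtime exists {
				Runtime !in %obsolete_runtimes <<Lambda function is using an obsolete runtime.>>
			}
		}
	}
}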

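rule lambda_in_vpc when %lambda_functions !empty {
	%lambda_functions {
		Properties {
			# A VpcConfig with empty SubnetIds/SecurityGroupIds is how a function is
			# detached from a VPC, so presence of the key alone is not sufficient:
			# both lists must be non-empty for the function to actually run in a VPC.
			VpcConfig exists <<Lambda function is not configured in a VPC.>>
			VpcConfig.SubnetIds !empty <<Lambda function VpcConfig has no subnets.>>
			VpcConfig.SecurityGroupIds !empty <<Lambda function VpcConfig has no security groups.>>
		}
	}
}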

rule lambda_dead_letter_queue_configured when %lambda_functions !empty {
	# Every function must declare a DeadLetterConfig so that failed asynchronous
	# invocations are retained rather than dropped.
	%lambda_functions.Properties.DeadLetterConfig exists <<Dead letter config is not configured.>>
}

rule lambda_code_signing_enabled when %lambda_functions !empty {
	# Every function must reference a code signing configuration so that only
	# signed deployment packages are accepted.
	%lambda_functions.Properties.CodeSigningConfigArn exists <<Code signing is disabled.>>
}

rule lambda_function_concurrent_execution_limit_configured when %lambda_functions !empty {
	# Every function must set a reserved concurrency so a single function cannot
	# consume the account's unreserved concurrency pool.
	%lambda_functions {
		Properties.ReservedConcurrentExecutions exists <<Lambda function concurrent execution limit is not configured.>>
	}
}

