A Config rule that checks whether the AWS Lambda function policy attached to the Lambda resource prohibits public access. If the Lambda function policy allows public access, the function is noncompliant.
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  ConfigRule:
    Type: 'AWS::Config::ConfigRule'
    Properties:
      ConfigRuleName: lambda-function-public-access-prohibited
      Scope:
        ComplianceResourceTypes:
          - 'AWS::Lambda::Function'
      Description: >-
        A Config rule that checks whether the AWS Lambda function policy
        attached to the Lambda resource prohibits public access. If the Lambda
        function policy allows public access it is noncompliant.
      Source:
        Owner: AWS
        SourceIdentifier: LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED
Parameters: {}
Metadata: {}
Conditions: {}
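
To pre-check a function policy offline before the rule evaluates it, the following added example (not AWS's rule logic and not part of the original page) flags Allow statements whose principal is a wildcard and that no fixed-value condition narrows. The list of scoping condition keys, the function names and the sample policy are assumptions made for this example.

```python
import json

# Condition keys treated as pinning the caller to a fixed value (assumed list for this example).
SCOPING_KEYS = {"aws:sourceaccount", "aws:sourcearn", "aws:principalorgid", "aws:principalaccount"}
# Plain operators only: "...IfExists" variants pass when the key is absent, so they do not count.
SCOPING_OPERATORS = {"StringEquals", "StringLike", "ArnEquals", "ArnLike"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard_principal(principal):
    """True for Principal "*" or any principal type whose value list contains "*"."""
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def _has_fixed_scope(condition):
    """True if some condition pins the caller to values that contain no wildcards."""
    for operator, tests in (condition or {}).items():
        if operator not in SCOPING_OPERATORS:
            continue
        for key, values in tests.items():
            fixed = all("*" not in str(v) and "?" not in str(v) for v in _as_list(values))
            if key.lower() in SCOPING_KEYS and fixed:
                return True
    return False

def public_statements(policy_json):
    """Return the Sids of Allow statements that grant access to anyone."""
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    return [s.get("Sid", "<no Sid>") for s in statements
            if s.get("Effect") == "Allow"
            and _is_wildcard_principal(s.get("Principal"))
            and not _has_fixed_scope(s.get("Condition"))]

# Constructed sample policy; the account ID, org ID and function name are placeholders.
FN = "arn:aws:lambda:us-east-1:111122223333:function:example-fn"
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicInvoke", "Effect": "Allow", "Principal": "*", "Action": "lambda:InvokeFunction", "Resource": FN},
    {"Sid": "OrgOnly", "Effect": "Allow", "Principal": "*", "Action": "lambda:InvokeFunction", "Resource": FN,
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
    {"Sid": "S3Trigger", "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
     "Action": "lambda:InvokeFunction", "Resource": FN, "Condition": {"StringEquals": {"AWS:SourceAccount": "111122223333"}}},
    {"Sid": "WildcardScope", "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "lambda:InvokeFunction",
     "Resource": FN, "Condition": {"ArnLike": {"aws:SourceArn": "arn:aws:s3:::*"}}},
]})

if __name__ == "__main__":
    print(public_statements(SAMPLE_POLICY))
```
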
Configuration Source: AWS Documentation