Check if Lambda runs as Admin
Ensure that your Amazon Lambda functions do not have administrative permissions in order to promote the Principle of Least Privilege.
Publicly Accessible Lambda
Identify any publicly accessible AWS Lambda functions and update their access policy in order to protect against unauthorized users that are sending requests to invoke these functions.
DLQ Configured check
Is the dead letter queue (DLQ) configured for Lambda functions?
Is timeout set?
Is default timeout used for Lambda functions?
Is Alias present?
Are you using aliasing for Lambda functions?
Too many versions present?
Are there too many versions for any Lambda function?
Allowed Runtime version check
Is your function runtime up to date?
Deprecated runtime version check
Is your function using a runtime which is coming up for deprecation?
Is tracking enabled check?
Is the tracing mode function enabled?
Multiple functions with same IAM role
Using An IAM Role For More Than One Lambda Function
Check if Lambda functions invoke API operations are being recorded by CloudTrail
Lambda function has tags
Check if tags are setup on the Lambda function
Check if cross-account access is present
Ensure there is no unauthorized cross-account access
Lambda must have access to VPC-only resources
Ensure that your Amazon Lambda functions have access to VPC-only resources
Help Us Improve!
If you have any suggestions to improve this checklist, please let us know by filling out