AWS Lambda Audit

The number of Lambda functions you run can grow pretty fast, and so can your pain points.

What do we do?

Check if Lambda runs as Admin

Ensure that your Amazon Lambda functions do not have administrative permissions in order to promote the Principle of Least Privilege.

Publicly Accessible Lambda

Identify any publicly accessible AWS Lambda functions and update their access policy in order to protect against unauthorized users that are sending requests to invoke these functions.

DLQ Configured check

Is the dead letter queue (DLQ) configured for Lambda functions?

Is timeout set?

Is the default timeout used for Lambda functions?

Is Alias present?

Are you using aliasing for Lambda functions?

Too many versions present?

Are there too many versions for any Lambda function?

Allowed Runtime version check

Is your function runtime up to date?

Deprecated runtime version check

Is your function using a runtime which is coming up for deprecation?

Is tracing enabled?

Is tracing mode enabled for the function?

Multiple functions with same IAM role

Is one IAM role used for more than one Lambda function?

CloudTrail enabled

Check whether Lambda function Invoke API operations are being recorded by CloudTrail.

Lambda function has tags

Check if tags are set up on the Lambda function.

Check if cross-account access is present

Ensure there is no unauthorized cross-account access

Lambda must have access to VPC-only resources

Ensure that your Amazon Lambda functions have access to VPC-only resources
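
The "Publicly Accessible Lambda" and cross-account access checks above both come down to reading a function's resource-based policy. The following is an added example, not Cloudanix's own code: it takes the policy document as a JSON string and flags `Allow` statements that grant a wildcard principal without a scoping condition, or that name an account outside a trusted set. The function names, the list of scoping condition keys and the sample policy are assumptions made for illustration.

```python
import json
import re

# Condition keys treated as scoping a wildcard principal (assumed list).
SCOPING_KEYS = {"aws:sourceaccount", "aws:sourcearn", "aws:principalorgid",
                "aws:principalaccount"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _aws_principals(principal):
    """AWS principals of a statement; a bare '*' means anyone."""
    if isinstance(principal, dict):
        return _as_list(principal.get("AWS", []))
    return ["*"] if principal == "*" else []

def _is_scoped(statement):
    """True if any condition uses a key that restricts the caller."""
    for keys in statement.get("Condition", {}).values():
        if any(k.lower() in SCOPING_KEYS for k in keys):
            return True
    return False

def audit_policy(policy_json, own_account, trusted_accounts=()):
    """Return (Sid, finding, principal) for risky Allow statements."""
    allowed = {own_account, *trusted_accounts}
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for p in _aws_principals(stmt.get("Principal")):
            if p == "*":
                if not _is_scoped(stmt):
                    findings.append((stmt.get("Sid"), "public", p))
                continue
            m = re.search(r"\d{12}", p)  # bare account id or IAM ARN
            if m and m.group() not in allowed:
                findings.append((stmt.get("Sid"), "cross-account", p))
    return findings

# Constructed sample policy; account ids and org id are placeholders.
INVOKE = {"Effect": "Allow", "Action": "lambda:InvokeFunction", "Resource": "*"}
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {**INVOKE, "Sid": "open", "Principal": "*"},
    {**INVOKE, "Sid": "org", "Principal": {"AWS": "*"},
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-example"}}},
    {**INVOKE, "Sid": "ext", "Principal": {"AWS": "arn:aws:iam::222222222222:root"}},
    {**INVOKE, "Sid": "self", "Principal": {"AWS": "111111111111"}}]})

print(audit_policy(SAMPLE, "111111111111"))
```

Passing the partner account in `trusted_accounts` leaves only the unconditioned wildcard statement as a finding; service principals are not evaluated by this sketch.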



If you are not yet convinced to sign up with Cloudanix, that's not a problem. We recommend you use a comprehensive checklist which your team can use to perform a manual assessment of your workload.