Securing AWS Lambda Functions
The Default Security – (Permissions)
By default, Lambda functions are not authorized to access other AWS services. Access (permissions) must be granted explicitly for each AWS service the function uses (for example, S3 to store images, or a database such as DynamoDB). These permissions are managed through AWS IAM roles.
Changing the Default Security – (Permissions)
If you are using the Serverless Framework, you can change these defaults in the serverless.yaml file (in the “iamRoleStatements:” block).
iamRoleStatements:
  - Effect: "Allow"
    Action:
      - "lambda:*"
    Resource:
      - "*"
The statement above “Allows” every Lambda action (“lambda:*”) on every resource (“*”), so the function’s role can invoke, and otherwise manage, any Lambda function in the account. In practice, narrow both the Action and the Resource lists to what the function actually needs.
The Default Security – (Network)
By default, Lambda functions are not launched in a VPC, but you can change this by creating the Lambda function inside a VPC. Within the VPC, “Security Groups” add a further layer of control over the function’s network access.
Changing the Default Security – (Network)
If you are using the Serverless Framework, you can change these defaults in the serverless.yaml file. Here is a snippet you might use for this.
provider:
  name: aws
  runtime: python2.7
  profile: serverless-admin
  region: us-east-1
  vpc:
    securityGroupIds:
      - <security-group-id>
    subnetIds:
      - <subnet-1>
      - <subnet-2>
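To tie the permissions section and the network section together, here is an added example (not from the original post or the Serverless Framework) that audits the provider block of a serverless.yaml for the two defaults discussed above: wildcard IAM role statements and a function that is not placed in a VPC. The configs are constructed Python dicts shaped the way a YAML loader would return them; the bucket, table, security group and subnet identifiers are placeholders.

```python
# Added example (not from the original post): audit the provider block of a
# serverless.yaml for wildcard IAM statements and a missing VPC configuration.
# Configs are Python dicts shaped as a YAML loader would return them.

WILDCARD_CONFIG = {  # mirrors the post's first snippet (constructed)
    "provider": {
        "name": "aws",
        "iamRoleStatements": [
            {"Effect": "Allow", "Action": ["lambda:*"], "Resource": ["*"]},
        ],
    }
}

LEAST_PRIVILEGE_CONFIG = {  # constructed; ARNs and VPC ids are placeholders
    "provider": {
        "name": "aws",
        "iamRoleStatements": [
            {"Effect": "Allow", "Action": ["s3:PutObject"],
             "Resource": ["arn:aws:s3:::example-images-bucket/*"]},
            {"Effect": "Allow", "Action": ["dynamodb:PutItem", "dynamodb:GetItem"],
             "Resource": ["arn:aws:dynamodb:us-east-1:123456789012:table/example-table"]},
        ],
        "vpc": {"securityGroupIds": ["sg-placeholder"],
                "subnetIds": ["subnet-placeholder-1", "subnet-placeholder-2"]},
    }
}


def _as_list(value):
    # Action and Resource may be a single string or a list in YAML
    return value if isinstance(value, list) else [value]


def audit_provider(config):
    """Return a list of findings (strings); an empty list means nothing was flagged."""
    findings = []
    provider = config.get("provider", {})
    for i, stmt in enumerate(provider.get("iamRoleStatements", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        for action in _as_list(stmt.get("Action", [])):
            # "*" or "service:*" grants every API call of that service
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {i}: wildcard action {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append(f"statement {i}: wildcard resource")
    vpc = provider.get("vpc")
    if not vpc or not vpc.get("securityGroupIds") or not vpc.get("subnetIds"):
        findings.append("no VPC configured: function runs outside any VPC")
    return findings
```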