Critical Lambda Regional

Lambda function policies should prohibit public access

PCI DSS, NIST, ISO 27001

Description

Checks whether the Lambda function resource-based policy prohibits public access outside of your account.


Remediation

To remediate this issue, update your function's resource-based policy to remove permissions or to add the AWS:SourceAccount condition.

Steps

  1. Review the resource-based policy on the Lambda console.
  2. Identify policy statements that make the policy public.
  3. Use the AWS CLI to run the remove-permission command.
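Steps 2 and 3 can be scripted. The following is an added example, not code from this page or from AWS: it walks a resource-based policy, flags Allow statements whose principal is a wildcard and which carry no AWS:SourceAccount condition, and prints the matching remove-permission command for each. The sample policy, the function name `demo` and the account IDs are constructed, and treating only `StringEquals` as a valid restriction is a simplifying assumption.

```python
# Constructed sample policy (not from a real account), shaped like the JSON
# in the "Policy" field returned by `aws lambda get-policy`.
ARN = "arn:aws:lambda:us-east-1:111122223333:function:demo"
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "open-invoke", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunction", "Resource": ARN},
    {"Sid": "scoped-invoke", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "lambda:InvokeFunction", "Resource": ARN,
     "Condition": {"StringEquals": {"AWS:SourceAccount": "111122223333"}}},
    {"Sid": "one-account", "Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::444455556666:root"]},
     "Action": "lambda:InvokeFunction", "Resource": ARN},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    # Principal is the string "*" or a map such as {"AWS": "*"} or {"AWS": [...]}.
    if isinstance(principal, str):
        return principal == "*"
    return any("*" in _as_list(v) for v in principal.values())

def has_source_account(condition):
    # Condition keys are case-insensitive. Assumption: only an exact-match
    # StringEquals on the source account counts as a restriction.
    return any(key.lower() == "aws:sourceaccount"
               for op, keys in condition.items() if op == "StringEquals"
               for key in keys)

def public_statement_ids(policy):
    """Sids of Allow statements open to any principal with no source-account limit."""
    flagged = []
    for stmt in _as_list(policy.get("Statement", [])):
        if (stmt.get("Effect") == "Allow"
                and is_wildcard_principal(stmt.get("Principal", {}))
                and not has_source_account(stmt.get("Condition", {}))):
            flagged.append(stmt.get("Sid", "<no Sid>"))
    return flagged

if __name__ == "__main__":
    # Step 3 of the page: one remove-permission call per flagged statement.
    for sid in public_statement_ids(SAMPLE_POLICY):
        print(f"aws lambda remove-permission --function-name demo --statement-id {sid}")
```

A statement reported as `<no Sid>` has no statement ID to pass to remove-permission and has to be handled by hand.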

Compliance

PCI DSS, NIST, ISO 27001