More Info:

Ensure Lambda compute platform is not using default configuration

Risk Level

Medium

Address

Performance Efficiency, Operational Excellence, Reliability, Security

Compliance Standards

CBP

Remediation

Using Console

To remediate a Lambda Compute Platform that uses the default deployment configuration for AWS CodeBuild, follow these steps in the AWS console:

  1. Access AWS CodeBuild Console:

    • Go to the AWS Management Console and navigate to the AWS CodeBuild service.
  2. Select the Project:

    • Select the CodeBuild project that is used for building and deploying the Lambda function.
  3. Edit Build Project:

    • Click on the project name to access the project details.
  4. Update Buildspec File:

    • Update the buildspec file to include the necessary configurations for Lambda deployment. Make sure the buildspec file specifies the deployment configuration for the Lambda function.
  5. Update Deployment Configuration:

    • In the CodeBuild project settings, navigate to the deployment configuration section and ensure that the deployment configuration is set up correctly for Lambda function deployment. You can specify the deployment settings such as the Lambda function name, runtime, handler, memory size, timeout, etc.
  6. Save Changes:

    • Save the changes made to the CodeBuild project settings.
  7. Trigger Build:

    • Trigger a new build for the CodeBuild project to deploy the Lambda function with the updated deployment configuration.

By following these steps, you can remediate the misconfiguration of Lambda Compute Platform using default deployment configuration for AWS CodeBuild in the AWS console.

Using CLI

To remediate a Lambda Compute Platform that uses the default deployment configuration in AWS CodeBuild with the AWS CLI, follow these steps:

  1. Open your terminal or command prompt.

  2. Run the following command to update the AWS CodeBuild project to ensure that Lambda Compute Platform does not use default deployment configuration:

    aws codebuild update-project --name <project-name> --environment type=LINUX_CONTAINER,computeType=BUILD_GENERAL1_SMALL,image=aws/codebuild/standard:4.0
    

    Replace <project-name> with the actual name of your AWS CodeBuild project.

  3. This command updates the AWS CodeBuild project’s environment settings to use a specific compute type (BUILD_GENERAL1_SMALL) and a specific Docker image (aws/codebuild/standard:4.0), which ensures that the Lambda Compute Platform does not use the default deployment configuration.

  4. Once the command is executed successfully, the AWS CodeBuild project will be updated with the remediated configuration.

By following these steps, you can remediate the misconfiguration of Lambda Compute Platform using default deployment configuration in AWS CodeBuild using AWS CLI.

Using Python

To remediate the misconfiguration where the Lambda Compute Platform is using the default deployment configuration for AWS CodeBuild, you can follow these steps in Python:

  1. Create a CodeBuild Project with Custom Deployment Configuration:

    Use the AWS SDK for Python (Boto3) to create a new CodeBuild project with a custom deployment configuration. You can specify the deployment configuration in the environment parameter when creating the project.

    import boto3
    
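    # CodeBuild client; region and credentials come from the default Boto3 session
    codebuild = boto3.client('codebuild')
    
    # Replace the project name, variable value and service role ARN placeholders with your own
    response = codebuild.create_project(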
        name='your-project-name',
        source={
            'type': 'CODEPIPELINE',
            'buildspec': 'buildspec.yml'
        },
        environment={
            'type': 'LINUX_CONTAINER',
            'image': 'aws/codebuild/standard:4.0',
            'computeType': 'BUILD_GENERAL1_SMALL',
            'environmentVariables': [
                {
                    'name': 'CUSTOM_DEPLOYMENT_CONFIG',
                    'value': 'your-custom-deployment-config'
                }
            ]
        },
        serviceRole='arn:aws:iam::123456789012:role/service-role/codebuild-your-service-role',
        artifacts={
            'type': 'CODEPIPELINE',
        }
    )
    
  2. Update Existing CodeBuild Project:

    If you already have an existing CodeBuild project that is using the default deployment configuration, you can update the project to use a custom deployment configuration.

    import boto3
    
    codebuild = boto3.client('codebuild')
    
    # Set the environment explicitly on the existing project
    response = codebuild.update_project(
        name='your-project-name',
        environment={
            'type': 'LINUX_CONTAINER',
            'image': 'aws/codebuild/standard:4.0',
            'computeType': 'BUILD_GENERAL1_SMALL',
            'environmentVariables': [
                {
                    'name': 'CUSTOM_DEPLOYMENT_CONFIG',
                    'value': 'your-custom-deployment-config'
                }
            ]
        }
    )
    
  3. Verify the Deployment Configuration:

    After creating or updating the CodeBuild project with the custom deployment configuration, verify that the project is using the specified deployment configuration by checking the project settings in the AWS Management Console or using the AWS CLI or SDK.
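One way to carry out the verification in step 3 with the SDK, as an added example that is not part of the original page: it compares each project's environment, as returned by `batch_get_projects`, with the values set in steps 1 and 2. The project names and the sample response are constructed for illustration.

```python
# Values the page's create_project/update_project calls set.
EXPECTED = {
    "type": "LINUX_CONTAINER",
    "image": "aws/codebuild/standard:4.0",
    "computeType": "BUILD_GENERAL1_SMALL",
}
REQUIRED_VARS = ("CUSTOM_DEPLOYMENT_CONFIG",)

# Constructed sample in the shape of a batch_get_projects response
# (project names are hypothetical).
SAMPLE_RESPONSE = {
    "projects": [
        {"name": "lambda-build-ok", "environment": {
            "type": "LINUX_CONTAINER", "image": "aws/codebuild/standard:4.0",
            "computeType": "BUILD_GENERAL1_SMALL",
            "environmentVariables": [{"name": "CUSTOM_DEPLOYMENT_CONFIG",
                                      "value": "your-custom-deployment-config",
                                      "type": "PLAINTEXT"}]}},
        {"name": "lambda-build-drift", "environment": {
            "type": "LINUX_CONTAINER", "image": "aws/codebuild/standard:5.0",
            "computeType": "BUILD_GENERAL1_SMALL", "environmentVariables": []}},
    ],
    "projectsNotFound": ["lambda-build-missing"],
}

def check_environment(project):
    """Return findings for one project; an empty list means it matches."""
    env = project.get("environment", {})
    findings = [f"{key}: expected {want!r}, found {env.get(key)!r}"
                for key, want in EXPECTED.items() if env.get(key) != want]
    values = {v.get("name"): v.get("value")
              for v in env.get("environmentVariables", [])}
    findings += [f"environment variable {name} is missing or empty"
                 for name in REQUIRED_VARS if not values.get(name)]
    return findings

def audit(response):
    """Map every requested project name to its findings."""
    report = {p["name"]: check_environment(p) for p in response.get("projects", [])}
    report.update({n: ["project not found"]
                   for n in response.get("projectsNotFound", [])})
    return report

def fetch_and_audit(names):
    """Live variant: needs boto3 and AWS credentials."""
    import boto3  # imported lazily so the offline check runs without it
    return audit(boto3.client("codebuild").batch_get_projects(names=names))

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RESPONSE).items():
        print(name, "OK" if not findings else findings)
```

Call `fetch_and_audit(['your-project-name'])` to run the same check against a live account.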

By following these steps and providing a custom deployment configuration for your Lambda Compute Platform in AWS CodeBuild, you can remediate the misconfiguration and ensure that your Lambda functions are deployed securely and efficiently.