Lambda Functions Should Not Use Deprecated Versions
More Info:
To adhere to AWS best practices, your AWS Lambda functions should not use deprecated versions of the execution environment (runtime).
Risk Level
Low
Address
Security, Reliability
Compliance Standards
AWSWAF
Triage and Remediation
Remediation
To remediate the misconfiguration of Lambda Functions using deprecated versions in AWS, follow these steps:
- Log in to the AWS Management Console.
- Go to the AWS Lambda service.
- Select the Lambda function that is using a deprecated version.
- Click on the “Configuration” tab.
- In the “Runtime settings” section, select the latest version of the runtime that is available. For example, if the function is using Node.js 8.10, select Node.js 14.x.
- Click on the “Save” button to save the changes.
- Test the function to ensure that it is working properly with the updated runtime version.
By following these steps, you have successfully remediated the misconfiguration of Lambda Functions using deprecated versions in AWS.
To remediate the Lambda Functions Should Not Use Deprecated Versions misconfiguration in AWS using the AWS CLI, follow these steps:
- Open your terminal and make sure you have the AWS CLI installed.
- Run the following command to list all the Lambda functions in your AWS account (in the currently configured region):
  ```
  aws lambda list-functions
  ```
- Identify the Lambda functions that are using deprecated versions.
- Run the following command to update the runtime of the Lambda function to a non-deprecated version:
  ```
  aws lambda update-function-configuration --function-name <function-name> --runtime <runtime>
  ```
  Replace `<function-name>` with the name of the Lambda function that you want to update, and `<runtime>` with the non-deprecated runtime version that you want to use.
- Repeat the update command for every Lambda function that is using a deprecated version.
- Verify that all the Lambda functions are now using non-deprecated versions by running the following command:
  ```
  aws lambda list-functions --query 'Functions[*].[FunctionName,Runtime]' --output table
  ```
  This command returns a list of all the Lambda functions and their respective runtimes. Make sure that all the runtimes are non-deprecated versions.

By following these steps, you can remediate the Lambda Functions Should Not Use Deprecated Versions misconfiguration in AWS using the AWS CLI.
To remediate the misconfiguration “Lambda Functions Should Not Use Deprecated Versions” in AWS using Python, follow the steps below:
- Log in to the AWS Management Console and navigate to the Lambda service.
- Select the Lambda function that is using a deprecated version.
- Click on the “Configuration” tab and scroll down to the “Runtime settings” section.
- Verify the runtime version of the function. If it is using a deprecated version, then it needs to be updated.
- Update the runtime version of the Lambda function to the latest version supported by AWS. You can refer to the AWS documentation to find the latest supported version.
- Once the update is complete, click on the “Save” button to save the changes.
- Test the updated Lambda function to ensure that it is functioning as expected.
- Finally, it is recommended to regularly monitor the runtime versions of your Lambda functions and update them as needed to ensure that they are not using any deprecated versions.
In Python, you can use the AWS SDK boto3 to programmatically update the runtime version of your Lambda function. Here’s an example code snippet:
```python
import boto3

# Replace <function_name> and <new_runtime> with your function name and the new runtime version respectively
function_name = "<function_name>"
new_runtime = "<new_runtime>"

# Create a Lambda client object
lambda_client = boto3.client('lambda')

# Update the runtime version of the function
response = lambda_client.update_function_configuration(
    FunctionName=function_name,
    Runtime=new_runtime
)

# Print the response
print(response)
```
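The "identify the functions using deprecated versions" and "regularly monitor" steps above can be automated. The following is an added example, not code from the original page: `find_deprecated`, `DEPRECATED_RUNTIMES` and the sample function names are assumptions made for illustration, and the deprecated set is a partial sample that should be maintained from the AWS Lambda runtimes documentation.

```python
"""Flag Lambda functions whose runtime is on a deprecated list."""

# Sample of runtime identifiers AWS has deprecated (constructed, not exhaustive);
# maintain this set from the AWS Lambda runtimes documentation.
DEPRECATED_RUNTIMES = {
    "nodejs8.10", "nodejs10.x", "nodejs12.x",
    "python2.7", "python3.6", "ruby2.5", "dotnetcore2.1",
}


def find_deprecated(pages, deprecated=DEPRECATED_RUNTIMES):
    """Return sorted (function name, runtime) findings from ListFunctions pages.

    `pages` is any iterable of ListFunctions responses, e.g. a boto3 paginator.
    Container-image functions carry no "Runtime" key and are skipped.
    """
    findings = []
    for page in pages:
        for fn in page.get("Functions", []):
            runtime = fn.get("Runtime")
            if runtime is None:  # PackageType "Image": runtime lives in the image
                continue
            if runtime in deprecated:
                findings.append((fn["FunctionName"], runtime))
    return sorted(findings)


# Constructed sample responses in the shape returned by ListFunctions.
SAMPLE_PAGES = [
    {"Functions": [
        {"FunctionName": "orders-api", "Runtime": "nodejs8.10", "PackageType": "Zip"},
        {"FunctionName": "thumbnailer", "Runtime": "python3.12", "PackageType": "Zip"},
    ]},
    {"Functions": [
        {"FunctionName": "ml-inference", "PackageType": "Image"},
        {"FunctionName": "legacy-report", "Runtime": "python2.7", "PackageType": "Zip"},
    ]},
]

if __name__ == "__main__":
    import sys
    if "--live" in sys.argv:  # query the account in the configured region
        import boto3
        pages = boto3.client("lambda").get_paginator("list_functions").paginate()
    else:
        pages = SAMPLE_PAGES
    hits = find_deprecated(pages)
    for name, runtime in hits:
        print(f"{name}\t{runtime}")
    sys.exit(1 if hits else 0)
```

ListFunctions is a regional call, so a full audit runs this once per region in use; the non-zero exit status on findings lets a scheduled job or CI step fail when a deprecated runtime appears.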