AWS Lambda Functions Should Not Have Too Many Versions
More Info:
AWS Lambda Functions should not have too many versions. This may lead to security lapses and performance degradation.
Risk Level
Informational
Address
Security
Compliance Standards
AWSWAF
Triage and Remediation
Remediation
To remediate the misconfiguration “AWS Lambda Functions Should Not Have Too Many Versions” in AWS using AWS console, follow these steps:

1. Open the AWS Lambda console and select the function that has too many versions.
2. Click on the “Versions” tab to view all the versions of the function.
3. Identify the versions that are no longer needed or are outdated.
4. Click on the checkbox next to the version(s) that you want to delete.
5. Click on the “Actions” menu and select “Delete” to delete the selected version(s).
6. Confirm the deletion by clicking on the “Delete” button.
7. Repeat steps 4-6 for all the unnecessary versions of the function.
8. Once you have deleted all the unnecessary versions, click on the “Aliases” tab.
9. Review the aliases and ensure that they are pointing to the correct version of the function.
10. If any alias is pointing to an outdated version, click on the alias and update it to point to the latest version of the function.
11. Finally, click on the “Save” button to save the changes.

By following these steps, you can remediate the misconfiguration “AWS Lambda Functions Should Not Have Too Many Versions” in AWS using AWS console.

To remediate the misconfiguration of having too many versions of AWS Lambda functions using AWS CLI, follow the below steps:

1. Open the AWS CLI on your local machine.
2. Run the following command to list all the AWS Lambda functions in your account:

   ```
   aws lambda list-functions
   ```

3. Identify the function(s) that have too many versions.
4. Run the following command to delete the older versions of the function(s):

   ```
   aws lambda delete-function --function-name <function-name>:<version>
   ```

   Replace `<function-name>` with the name of the function and `<version>` with the version number of the function you want to delete.

   Note: You should keep at least the latest version of the function.
5. Repeat step 4 for all the functions that have too many versions.
6. Verify that the number of versions of each function is reduced to an acceptable number.

By following these steps, you will remediate the misconfiguration of having too many versions of AWS Lambda functions.
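
To remediate the issue of having too many versions of AWS Lambda Functions, you can use the following Python script:

```python
import boto3
from botocore.exceptions import ClientError

# Set the AWS region
region = 'us-east-1'
# Set the Lambda function name
function_name = 'my-lambda-function'
# Number of most recent published versions to keep
versions_to_keep = 10

# Create the Lambda client
client = boto3.client('lambda', region_name=region)

# List all the versions of the Lambda function (results are paginated)
paginator = client.get_paginator('list_versions_by_function')
versions = []
for page in paginator.paginate(FunctionName=function_name):
    # $LATEST is the unpublished head of the function, not a deletable version
    versions += [v['Version'] for v in page['Versions'] if v['Version'] != '$LATEST']

# Sort numerically so the oldest versions come first
versions.sort(key=int)

# If there are more than 10 versions, delete the oldest ones
if len(versions) > versions_to_keep:
    for version in versions[:-versions_to_keep]:
        try:
            client.delete_function(FunctionName=function_name, Qualifier=version)
        except ClientError as err:
            # A version that an alias still references cannot be deleted; skip it
            if err.response['Error']['Code'] != 'ResourceConflictException':
                raise
```

This script uses the Boto3 library to interact with the AWS Lambda service. It first sets the region and the name of the Lambda function that needs to be remediated. Then, it lists all the versions of the Lambda function using the `list_versions_by_function` method, following pagination and leaving out `$LATEST`, which is not a published version. If there are more than 10 published versions, it deletes the oldest ones using the `delete_function` method and skips any version that an alias still references.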
You can schedule this script to run periodically using a Lambda function or a cron job to ensure that the number of versions of your Lambda functions stays within a manageable limit.
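
Before running any deletion on a schedule, it helps to see which versions a cleanup would remove and which it must leave alone. The following dry-run planner is an added example, not code from the original page: it retains `$LATEST`, the newest `keep` versions, and every version an alias references, including weighted-routing targets. The function name `plan_version_cleanup` and the sample data are assumptions constructed for illustration; the input shapes follow boto3's `list_versions_by_function` and `list_aliases` responses.

```python
# Added example (not from the original page): dry-run planner for Lambda version cleanup.
# Inputs use the shapes of boto3's list_versions_by_function ("Versions") and
# list_aliases ("Aliases") responses. No AWS call is made here.

def plan_version_cleanup(versions, aliases, keep=10):
    """Return {'delete': [...], 'retain': {version: reason}} for one function."""
    # Versions pinned by an alias, including weighted-routing targets.
    pinned = {}
    for alias in aliases:
        pinned.setdefault(alias["FunctionVersion"], []).append(alias["Name"])
        extra = alias.get("RoutingConfig", {}).get("AdditionalVersionWeights", {})
        for version in extra:
            pinned.setdefault(version, []).append(alias["Name"] + " (weighted)")

    # Only numbered versions are deletable; sort numerically so "9" < "10".
    numbered = sorted(
        (v["Version"] for v in versions if v["Version"] != "$LATEST"),
        key=int,
    )
    newest = set(numbered[-keep:]) if keep > 0 else set()

    plan = {"delete": [], "retain": {"$LATEST": "unpublished head"}}
    for version in numbered:
        if version in pinned:
            plan["retain"][version] = "alias: " + ", ".join(sorted(pinned[version]))
        elif version in newest:
            plan["retain"][version] = f"within newest {keep}"
        else:
            plan["delete"].append(version)
    return plan


# Constructed sample data: 14 published versions and two aliases.
SAMPLE_VERSIONS = [{"Version": "$LATEST"}] + [{"Version": str(n)} for n in range(1, 15)]
SAMPLE_ALIASES = [
    {"Name": "prod", "FunctionVersion": "3",
     "RoutingConfig": {"AdditionalVersionWeights": {"2": 0.1}}},
    {"Name": "staging", "FunctionVersion": "14"},
]

if __name__ == "__main__":
    plan = plan_version_cleanup(SAMPLE_VERSIONS, SAMPLE_ALIASES, keep=10)
    print("delete:", plan["delete"])
    for version, reason in plan["retain"].items():
        print("retain", version, "-", reason)
```

An old version that appears under `retain` with an alias reason is the case the console steps address by reviewing aliases: repoint the alias first, then re-run the plan.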