Lambda Functions Should Have Tracing Enabled
More Info:
Tracing should be enabled for your AWS Lambda functions in order to gain visibility into each function's execution and performance.
Risk Level
Low
Address
Operational Maturity, Security
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate the misconfiguration “Lambda Functions Should Have Tracing Enabled” for AWS using the AWS console, follow the below steps:
- Open the AWS Lambda console.
- Select the Lambda function for which you want to enable tracing.
- Click on the “Configuration” tab.
- Scroll down to the “Debugging and error handling” section.
- Under “Debugging and error handling”, click on the “Edit” button.
- In the “Edit function” page, scroll down to the “Tracing” section.
- Under “Tracing”, select the “Active” option.
- In the “Tracing mode” drop-down, select the “AWS X-Ray” option.
- Click on the “Save” button at the top of the page to save the changes.
Once the above steps are completed, tracing will be enabled for the selected Lambda function in AWS.
To remediate the misconfiguration of Lambda Functions not having tracing enabled in AWS using AWS CLI, follow these steps:
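- Open the AWS CLI on your local machine or EC2 instance.
- Run the following command to enable tracing on all Lambda functions in the AWS account. update-function-configuration requires --function-name, so the command feeds it every name returned by list-functions; it runs against the CLI's configured region, so repeat it for each region in use:
aws lambda list-functions --query 'Functions[].FunctionName' --output text | tr '\t' '\n' | xargs -I{} aws lambda update-function-configuration --function-name {} --tracing-config Mode=Active
- If you want to enable tracing only on specific Lambda functions, run the following command:
aws lambda update-function-configuration --function-name <function-name> --tracing-config Mode=Active
Replace <function-name> with the name of the Lambda function that you want to enable tracing on.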
- Verify that tracing is enabled on the Lambda function by running the following command:
aws lambda get-function-configuration --function-name <function-name>
This command will return the configuration details of the Lambda function, including the tracing mode. If the tracing mode is set to “Active”, then tracing is enabled on the function.
By following these steps, you can remediate the misconfiguration of Lambda Functions not having tracing enabled in AWS using AWS CLI.
To remediate the misconfiguration of Lambda Functions not having tracing enabled in AWS, you can follow the below steps using Python:
- Import the necessary AWS SDK libraries for Python:
import boto3
- Create an AWS Lambda client object:
lambda_client = boto3.client('lambda')
- List all the available Lambda functions (the listing is paginated, so use a paginator):
paginator = lambda_client.get_paginator('list_functions')
- For each function, check if tracing is enabled or not:
for page in paginator.paginate():
    for function in page['Functions']:
        function_name = function['FunctionName']
        # get_function_configuration returns TracingConfig at the top level of the response
        tracing_config = lambda_client.get_function_configuration(FunctionName=function_name)['TracingConfig']
        if tracing_config['Mode'] != 'Active':
            # Enable tracing for the function
            lambda_client.update_function_configuration(FunctionName=function_name, TracingConfig={'Mode': 'Active'})
- Save the Python script and execute it to enable tracing for all the available Lambda functions.
With the above steps, you can easily remediate the misconfiguration of Lambda Functions not having tracing enabled in AWS.
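The audit, fix and verify steps above combined into one dry-run-capable routine, as an added example that is not code from the original page or from AWS. The names `audit_tracing`, `remediate` and `StubLambda` are hypothetical, and the stub with its function names is constructed so the block runs offline.

```python
def audit_tracing(client):
    """Return names of functions whose tracing mode is not Active."""
    findings = []
    for page in client.get_paginator("list_functions").paginate():
        for fn in page["Functions"]:
            # Assumption: a missing TracingConfig is treated as PassThrough.
            mode = fn.get("TracingConfig", {}).get("Mode", "PassThrough")
            if mode != "Active":
                findings.append(fn["FunctionName"])
    return findings

def remediate(client, dry_run=True):
    """Enable active tracing on each finding, then re-read the config to verify."""
    results = {}
    for name in audit_tracing(client):
        if dry_run:
            results[name] = "would-enable"
            continue
        try:
            client.update_function_configuration(
                FunctionName=name, TracingConfig={"Mode": "Active"})
            cfg = client.get_function_configuration(FunctionName=name)
            ok = cfg.get("TracingConfig", {}).get("Mode") == "Active"
            results[name] = "enabled" if ok else "unverified"
        except Exception as exc:  # one failing function must not stop the run
            results[name] = f"failed: {exc}"
    return results

class StubLambda:
    """Constructed in-memory stand-in for boto3.client('lambda'); two pages."""
    def __init__(self):
        self.fns = {"orders-api": "Active", "billing-job": "PassThrough",
                    "legacy-etl": None, "locked-fn": "PassThrough"}
    def get_paginator(self, _operation):
        return self
    def paginate(self):
        items = [{"FunctionName": n, **({"TracingConfig": {"Mode": m}} if m else {})}
                 for n, m in self.fns.items()]
        yield {"Functions": items[:2]}
        yield {"Functions": items[2:]}
    def update_function_configuration(self, FunctionName, TracingConfig):
        if FunctionName == "locked-fn":  # constructed failure case
            raise RuntimeError("ResourceConflictException (constructed)")
        self.fns[FunctionName] = TracingConfig["Mode"]
    def get_function_configuration(self, FunctionName):
        return {"TracingConfig": {"Mode": self.fns[FunctionName]}}

if __name__ == "__main__":
    stub = StubLambda()
    print(remediate(stub, dry_run=True), remediate(stub, dry_run=False))
```

Against a real account, pass `boto3.client('lambda', region_name=...)` once per region instead of the stub. When tracing is enabled through the API rather than the console, the function's execution role also needs permission to write to X-Ray (for example the AWSXRayDaemonWriteAccess managed policy), otherwise no traces arrive.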