More Info:

Tracing should be enabled for your AWS Lambda functions in order to gain visibility into the functions' execution and performance.

Risk Level

Low

Address

Operational Maturity, Security

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

To remediate the misconfiguration “Lambda Functions Should Have Tracing Enabled” for AWS using the AWS console, follow the steps below:
  1. Open the AWS Lambda console.
  2. Select the Lambda function for which you want to enable tracing.
  3. Click on the “Configuration” tab.
  4. Scroll down to the “Debugging and error handling” section.
  5. Under “Debugging and error handling”, click on the “Edit” button.
  6. In the “Edit function” page, scroll down to the “Tracing” section.
  7. Under “Tracing”, select the “Active” option.
  8. In the “Tracing mode” drop-down, select the “AWS X-Ray” option.
  9. Click on the “Save” button at the top of the page to save the changes.
Once the above steps are completed, tracing will be enabled for the selected Lambda function in AWS.

Using CLI

To remediate the misconfiguration of Lambda Functions not having tracing enabled in AWS using AWS CLI, follow these steps:
  1. Open the AWS CLI on your local machine or EC2 instance.
  2. Run the following command to enable tracing on all Lambda functions in the AWS account. update-function-configuration requires --function-name, so the command loops over the names returned by list-functions for the region the CLI is configured to use:
for fn in $(aws lambda list-functions --query 'Functions[].FunctionName' --output text); do aws lambda update-function-configuration --function-name "$fn" --tracing-config Mode=Active; done
  3. If you want to enable tracing only on specific Lambda functions, run the following command:
aws lambda update-function-configuration --function-name <function-name> --tracing-config Mode=Active
Replace <function-name> with the name of the Lambda function that you want to enable tracing on.
  4. Verify that tracing is enabled on the Lambda function by running the following command:
aws lambda get-function-configuration --function-name <function-name>
This command will return the configuration details of the Lambda function, including the tracing mode. If the tracing mode is set to “Active”, then tracing is enabled on the function.
By following these steps, you can remediate the misconfiguration of Lambda Functions not having tracing enabled in AWS using AWS CLI.

Using Python

To remediate the misconfiguration of Lambda Functions not having tracing enabled in AWS, you can follow the steps below using Python:
  1. Import the necessary AWS SDK libraries for Python:
import boto3
  2. Create an AWS Lambda client object:
lambda_client = boto3.client('lambda')
  3. List all the available Lambda functions (list_functions returns results in pages, so use the paginator to collect every page):
paginator = lambda_client.get_paginator('list_functions')
functions = [f for page in paginator.paginate() for f in page['Functions']]
  4. For each function, check if tracing is enabled or not:
for function in functions:
    function_name = function['FunctionName']
    # get_function_configuration returns TracingConfig at the top level of its response
    tracing_config = lambda_client.get_function_configuration(FunctionName=function_name)['TracingConfig']
    if tracing_config['Mode'] != 'Active':
        # Enable tracing for the function
        lambda_client.update_function_configuration(FunctionName=function_name, TracingConfig={'Mode': 'Active'})
  5. Save the Python script and execute it to enable tracing for all the available Lambda functions.
With the above steps, you can easily remediate the misconfiguration of Lambda Functions not having tracing enabled in AWS.
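
The Python procedure above changes every function in one pass. The sketch below is an added example, not part of the original guide: it reports first (dry run by default), confirms the mode from each update response, and keeps going when one function fails. The names `functions_without_active_tracing`, `enable_tracing` and the `apply` flag are this example's own.

```python
# Added example: audit Lambda tracing and optionally remediate, dry run by default.
# `client` is any object exposing the boto3 Lambda client methods used below.

def functions_without_active_tracing(client):
    """Return names of all functions whose TracingConfig mode is not 'Active'."""
    missing = []
    # list_functions is paginated; the paginator follows every page marker.
    for page in client.get_paginator("list_functions").paginate():
        for fn in page["Functions"]:
            mode = fn.get("TracingConfig", {}).get("Mode", "PassThrough")
            if mode != "Active":
                missing.append(fn["FunctionName"])
    return missing


def enable_tracing(client, apply=False):
    """Report non-compliant functions; change them only when apply=True.

    Returns {"changed": [...], "pending": [...], "failed": {name: error}}.
    """
    result = {"changed": [], "pending": [], "failed": {}}
    for name in functions_without_active_tracing(client):
        if not apply:
            result["pending"].append(name)  # dry run: report only
            continue
        try:
            resp = client.update_function_configuration(
                FunctionName=name, TracingConfig={"Mode": "Active"})
            # Confirm the mode from the response instead of assuming success.
            if resp.get("TracingConfig", {}).get("Mode") == "Active":
                result["changed"].append(name)
            else:
                result["failed"][name] = "mode not Active after update"
        except Exception as exc:  # e.g. update already in progress, access denied
            result["failed"][name] = str(exc)  # continue with remaining functions
    return result


if __name__ == "__main__":
    import boto3  # imported here so the helpers above accept any client object
    report = enable_tracing(boto3.client("lambda"), apply=False)
    print("Would enable tracing on:", report["pending"])
```

Run it once with `apply=False` to review the list, then with `apply=True`; any entries under `failed` can be retried individually.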

Additional Reading: