Lambda Functions Should Have Tracing Enabled

More Info:

Tracing should be enabled for your AWS Lambda functions in order to gain visibility into the functions execution and performance.

Risk Level

Low

Address

Operational Maturity, Security

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration of Lambda Functions not having tracing enabled in AWS using AWS CLI, follow these steps:

Open the AWS CLI on your local machine or EC2 instance.
Run the following command to enable tracing on all Lambda functions in the AWS account:

aws lambda update-function-configuration --tracing-config Mode=Active

If you want to enable tracing only on specific Lambda functions, run the following command:

aws lambda update-function-configuration --function-name <function-name> --tracing-config Mode=Active

Replace <function-name> with the name of the Lambda function that you want to enable tracing on.

Verify that tracing is enabled on the Lambda function by running the following command:

aws lambda get-function-configuration --function-name <function-name>

This command will return the configuration details of the Lambda function, including the tracing mode. If the tracing mode is set to “Active”, then tracing is enabled on the function.By following these steps, you can remediate the misconfiguration of Lambda Functions not having tracing enabled in AWS using AWS CLI.

Using Python

To remediate the misconfiguration of Lambda Functions not having tracing enabled in AWS, you can follow the below steps using Python:

Import the necessary AWS SDK libraries for Python:

import boto3

Create an AWS Lambda client object:

lambda_client = boto3.client('lambda')

List all the available Lambda functions:

functions = lambda_client.list_functions()

For each function, check if tracing is enabled or not:

for function in functions['Functions']:
    function_name = function['FunctionName']
    tracing_config = lambda_client.get_function(FunctionName=function_name)['TracingConfig']
    if tracing_config['Mode'] != 'Active':
        # Enable tracing for the function
        lambda_client.update_function_configuration(FunctionName=function_name, TracingConfig={'Mode': 'Active'})

Save the Python script and execute it to enable tracing for all the available Lambda functions.

With the above steps, you can easily remediate the misconfiguration of Lambda Functions not having tracing enabled in AWS.

Additional Reading:

https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Lambda Functions Should Have Tracing Enabled

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: