Lambda Security Risks
Security considerations for AWS Lambda functions
Key Risks
- Overprivileged execution roles - Functions with broader permissions than needed
- Dependency vulnerabilities - Unpatched libraries in deployment packages
- Secrets in environment variables - Unencrypted sensitive data
- Public function URLs - Unintended exposure without authentication
- Event injection - Malicious payloads in event sources
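
Three of these risks (overprivileged roles, secrets in environment variables, public function URLs) are visible in configuration and can be checked offline. The sketch below is an added example, not part of the original page or any AWS tooling: `audit_function`, the name pattern and all sample values are assumptions, and the input dicts are constructed to follow the shape of Lambda `GetFunctionConfiguration` / `GetFunctionUrlConfig` responses and IAM policy documents.

```python
import re

# Variable names that suggest a credential stored in function configuration.
SECRET_NAME = re.compile(r"secret|passw(or)?d|token|api_?key|private_?key", re.I)

def _as_list(value):
    """IAM accepts a string or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_function(config, role_policies, url_config=None):
    """Return sorted findings for one function (inputs are plain dicts)."""
    findings = []
    # Overprivileged role: Allow statements with wildcard actions or resources.
    for doc in role_policies:
        for stmt in _as_list(doc.get("Statement")):
            if stmt.get("Effect") != "Allow":
                continue
            actions = _as_list(stmt.get("Action"))
            if any(a == "*" or a.endswith(":*") for a in actions):
                findings.append("role: wildcard action " + ",".join(actions))
            elif "*" in _as_list(stmt.get("Resource")):
                findings.append("role: resource '*' for " + ",".join(actions))
    # Secrets in environment variables: report the name only, never the value.
    variables = (config.get("Environment") or {}).get("Variables") or {}
    for name in variables:
        if SECRET_NAME.search(name):
            findings.append("env: secret-like variable " + name)
    # Public function URL: AuthType NONE disables IAM authentication.
    if url_config and url_config.get("AuthType") == "NONE":
        findings.append("url: AuthType NONE on " + config.get("FunctionName", "?"))
    return sorted(findings)

# Constructed sample input, shaped like GetFunctionConfiguration,
# GetFunctionUrlConfig and an IAM policy document (not from a real account).
SAMPLE_CONFIG = {
    "FunctionName": "orders-handler",
    "Environment": {"Variables": {"DB_PASSWORD": "example", "LOG_LEVEL": "info"}},
}
SAMPLE_URL = {"AuthType": "NONE"}
SAMPLE_POLICIES = [{
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["dynamodb:GetItem"],
         "Resource": "arn:aws:dynamodb:us-east-1:111122223333:table/orders"},
    ],
}]
```

Dependency vulnerabilities and event injection are not covered here; they need a package scanner and input validation in the handler, not a configuration check.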
Resources
- OWASP Serverless Top 10
- AWS Lambda Security Best Practices
- Serverless Security: What’s Left to Protect?