user1442498

Reputation: 305

Tracking AWS Lambda functions to detect for human intervention and compromise

If I have an application that runs solely as lambda functions within AWS, is there a way I can set up the logging to tell me how my lambda was executed? For example, I only want the application to be able to execute the lambda based on triggers, but I want to be able to detect if someone logged in and executed one by hand, or even worse, if someone externally was able to remotely execute a lambda.

I understand that I can lock these things down, and they are, and there are guardrails to help prevent external access; but on top of this, I still want to be able to detect and verify that only the application is executing the lambda. Ideally, there's something that I can trace in the logging that shows me an execution IP that I can verify comes from the lambda service, or a log that states how the lambda was executed, then I could trace that back to an executing application or service.

Upvotes: 0

Views: 117

Answers (1)

Chris Williams

Reputation: 35188

You can use CloudTrail logging to retrospectively evaluate how your Lambda was invoked. If you go with this option you will need to enable Lambda logging as this is disabled by default.

It will push logs into S3 which you could retrospectively parse and evaluate if this happened.

You can add restrictions to invoking the Lambda via its function policy. By using conditions you can tighten exactly which resources can invoke.

Upvotes: 2
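As an added illustration of the answer above (this is example code, not the answerer's or AWS's own tooling), the script below reads CloudTrail Lambda data-event records in the shape CloudTrail delivers to S3 (gzip-compressed JSON with a `Records` list) and classifies each `Invoke` call: a service trigger appears with an `AWSService` identity and `invokedBy` naming the service, whereas a person or a credentialed client appears with an IAM principal and a client IP in `sourceIPAddress`. The set of allowed trigger services, the user-agent markers used to spot hand-driven calls, and the sample records are all constructed assumptions for this example; tune them to your own triggers. The last function shows the statement shape that `aws lambda add-permission --source-arn` produces, which is the function-policy condition the answer refers to.

```python
import gzip
import ipaddress
import json

# Assumption: the services this application legitimately uses as Lambda triggers.
ALLOWED_SERVICE_INVOKERS = {"events.amazonaws.com", "sns.amazonaws.com", "sqs.amazonaws.com"}

# Assumption: user-agent fragments that indicate a person driving the API by hand.
HUMAN_AGENT_MARKERS = ("console.amazonaws.com", "aws-cli")


def classify_invoke(record):
    """Classify one CloudTrail record.

    Returns None for anything that is not a Lambda Invoke data event, otherwise a
    (verdict, reason) tuple with verdict in {"ok", "human", "unexpected"}.
    """
    if record.get("eventSource") != "lambda.amazonaws.com" or record.get("eventName") != "Invoke":
        return None
    identity = record.get("userIdentity", {})
    src = record.get("sourceIPAddress", "")
    agent = record.get("userAgent", "")
    function = record.get("requestParameters", {}).get("functionName", "?")

    # A service trigger is recorded as an AWSService identity; invokedBy names the service.
    if identity.get("type") == "AWSService":
        invoked_by = identity.get("invokedBy", "")
        if invoked_by in ALLOWED_SERVICE_INVOKERS:
            return "ok", f"{function}: trigger from {invoked_by}"
        return "unexpected", f"{function}: service {invoked_by or src} is not an allowed trigger"

    # Anything else is an IAM principal presenting credentials from a client IP.
    try:
        ipaddress.ip_address(src)
    except ValueError:
        return "unexpected", f"{function}: identity {identity.get('type')} with non-IP source {src!r}"
    who = identity.get("arn", identity.get("principalId", "unknown principal"))
    if any(marker in agent for marker in HUMAN_AGENT_MARKERS):
        return "human", f"{function}: {who} invoked by hand from {src} ({agent})"
    return "unexpected", f"{function}: {who} invoked from {src} with agent {agent!r}"


def scan_records(records):
    """Return the (verdict, reason) findings that need a look, i.e. everything not 'ok'."""
    findings = []
    for rec in records:
        result = classify_invoke(rec)
        if result and result[0] != "ok":
            findings.append(result)
    return findings


def scan_trail_file(path):
    """Scan one CloudTrail log object as delivered to S3 (gzip JSON with a 'Records' list)."""
    with gzip.open(path, "rt", encoding="utf-8") as fh:
        return scan_records(json.load(fh)["Records"])


def invoke_permission_statement(function_arn, service, source_arn):
    """Function-policy statement of the kind `aws lambda add-permission --source-arn` creates:
    only `service`, acting on behalf of the resource `source_arn`, may call InvokeFunction."""
    return {
        "Effect": "Allow",
        "Principal": {"Service": service},
        "Action": "lambda:InvokeFunction",
        "Resource": function_arn,
        "Condition": {"ArnLike": {"AWS:SourceArn": source_arn}},
    }


# Constructed sample records (not real log data); account ID is a placeholder.
SAMPLE_RECORDS = [
    {  # expected: an EventBridge rule firing the trigger
        "eventSource": "lambda.amazonaws.com", "eventName": "Invoke",
        "userIdentity": {"type": "AWSService", "invokedBy": "events.amazonaws.com"},
        "sourceIPAddress": "events.amazonaws.com", "userAgent": "events.amazonaws.com",
        "requestParameters": {"functionName": "orders-processor"},
    },
    {  # a person running the function from the console with an assumed role
        "eventSource": "lambda.amazonaws.com", "eventName": "Invoke",
        "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/Admin/jdoe"},
        "sourceIPAddress": "198.51.100.23", "userAgent": "console.amazonaws.com",
        "requestParameters": {"functionName": "orders-processor"},
    },
    {  # long-lived user credentials used from an IP with an unfamiliar client
        "eventSource": "lambda.amazonaws.com", "eventName": "Invoke",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/ci-bot"},
        "sourceIPAddress": "203.0.113.9", "userAgent": "python-requests/2.31",
        "requestParameters": {"functionName": "orders-processor"},
    },
    {  # a management-plane read, not an invocation
        "eventSource": "lambda.amazonaws.com", "eventName": "GetFunction",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/auditor"},
        "sourceIPAddress": "203.0.113.9", "userAgent": "aws-cli/2.15",
        "requestParameters": {"functionName": "orders-processor"},
    },
]

if __name__ == "__main__":
    for verdict, reason in scan_records(SAMPLE_RECORDS):
        print(f"[{verdict}] {reason}")
```

Note that Lambda `Invoke` calls are data events, so the trail must have Lambda data events enabled (as the answer says, this is off by default); a trail that records only management events will contain `GetFunction`-style records but no invocations at all. A clean run of `scan_records` over a day's objects is therefore only meaningful once you have confirmed that expected trigger invocations do show up as `ok`.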
