Lambda Function has Resource-based Policy With Public Access
Overview
The resource policy for the lambda function has one of the following Allow Statement Principals:
- *
- AWS:*
- CanonicalUser:*
- Services:*
- Federated:*
A public resource policy allows anyone - anywhere - to perform API operations against the lambda function, including invoke
Vendor
AWS
Cloud Service
Lambda
Related Requirements
Related Controls
Lambda.1
References
https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html
Severity
4
Item Types
AWS::Lambda::Function