Lambda Has Public URL

Overview

Lambda functions can have public URLs that allow for direct invocation. This is controlled by a combination of the function URL config and one or more resource policies. To correct this finding, remove the function URL config or set it to IAM auth.

Vendor

AWS

Cloud Service

Lambda

References

https://aws.amazon.com/about-aws/whats-new/2022/04/aws-lambda-function-urls-built-in-https-endpoints/

Severity

Item Types

AWS::Lambda::Function

Overview​

Vendor​

Cloud Service​

Related Requirements​

Related Controls​

References​

Severity​

Item Types​