Check whether your Amazon Lambda functions are configured with function URLs for HTTP(S) endpoints. A function URL creates a direct HTTP(S) endpoint to your function and this may pose a security risk depending on the security configuration and intention of the function.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
A function URL is a dedicated HTTP(S) endpoint created for your Amazon Lambda function. You can use a function URL to invoke your Lambda function through a browser, curl, Postman, or any other HTTP client. However, function URLs should be used with caution and applied only to functions with relevant and secure access control; otherwise, you risk exposing your application to the public.
Audit
To determine if your Amazon Lambda functions are configured to use function URLs, perform the following actions:
Remediation / Resolution
Case A: To disable function URLs for your Amazon Lambda functions in order to prevent unauthenticated access via URLs, perform the following actions:
Case B: To reconfigure the function URLs created for your Amazon Lambda functions in order to use IAM authentication, perform the following operations:
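The audit and both remediation cases above can be scripted with the AWS CLI commands listed in the references. The following is an added example, not part of the original rule page; the function names, the `AUDIT_REGION` variable, and the tab-separated output layout are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit and remediate Lambda function URLs with the AWS CLI.
# Assumes credentials that may call the lambda commands used below.

# Print "<function>\t<AuthType>\t<FunctionUrl>" for each function URL in a region.
list_function_urls() {
  aws lambda list-functions --region "$1" \
      --query 'Functions[].FunctionName' --output text | tr '\t' '\n' |
  while read -r fn; do
    [ -n "$fn" ] || continue
    # </dev/null keeps the inner call from consuming the list of names.
    aws lambda list-function-url-configs --region "$1" --function-name "$fn" \
        --query 'FunctionUrlConfigs[].[AuthType,FunctionUrl]' \
        --output text </dev/null |
    while read -r auth url; do
      case "$auth" in
        NONE|AWS_IAM) printf '%s\t%s\t%s\n' "$fn" "$auth" "$url" ;;
      esac
    done
  done
}

# URLs with AuthType NONE: Lambda performs no IAM authentication on requests.
find_unauthenticated_urls() {
  list_function_urls "$1" | awk -F'\t' '$2 == "NONE" { print $1 "\t" $3 }'
}

# Case A: delete the function URL so the endpoint no longer exists.
remove_function_url() {
  aws lambda delete-function-url-config --region "$1" --function-name "$2"
}

# Case B: keep the URL but require IAM-authenticated (SigV4-signed) requests.
require_iam_auth() {
  aws lambda update-function-url-config --region "$1" \
      --function-name "$2" --auth-type AWS_IAM
}

# Run the audit only when a region is supplied, e.g. AUDIT_REGION=us-east-1.
[ -z "${AUDIT_REGION:-}" ] || find_unauthenticated_urls "$AUDIT_REGION"
```

After switching a URL to `AWS_IAM`, callers need an identity that is allowed `lambda:InvokeFunctionUrl` on the function, so confirm legitimate clients can sign their requests before applying Case B.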
References
- AWS Documentation
- Lambda function URLs
- Creating and managing Lambda function URLs
- Security and auth model for Lambda function URLs
- Monitoring Lambda function URLs
- AWS Command Line Interface (CLI) Documentation
- lambda
- list-functions
- list-function-url-configs
- delete-function-url-config
- update-function-url-config