AWS Lambda Security

Summary

The website content provides a comprehensive collection of articles and resources on AWS Lambda security, covering topics such as secrets management, networking, architecture, batch jobs, and IAM, authored by Teri Radichel.

Abstract

The content serves as a repository of expert insights into AWS Lambda security, offering a series of articles that delve into various aspects of securing Lambda functions within the AWS ecosystem. Teri Radichel, a recognized cybersecurity professional, presents guidance on automating AWS account creation, securing Lambda functions against XSS and injection attacks, managing secrets, deploying Lambda functions, and leveraging containers for governance and secure configurations. The articles also explore network design for serverless applications, the use of AWS services like Systems Manager Parameter Store, and the comparison between AWS Secrets Manager and SSM Parameter Store. Additionally, Radichel discusses IoT security in the context of AWS 1-Click Buttons, the use of Python and Boto3 in AWS, and the creation of custom Lambda runtimes. The content emphasizes practical security measures, error handling, and troubleshooting within AWS Lambda environments, while also providing naming conventions, network security strategies, application security best practices, and container security considerations.

Opinions

Teri Radichel advocates for the use of automation in AWS account creation to enhance governance and secure baseline configurations.
The author emphasizes the importance of proper input validation in Lambda functions to prevent injection attacks.
Radichel suggests using AWS Systems Manager Parameter Store for managing configuration data and secrets.
There is a preference for using containers in Lambda functions to ensure consistent and compliant deployments.
The articles suggest that choosing the right architecture, whether Lambda or container-based, is crucial for application performance and security.
The author recommends implementing custom Lambda runtimes, particularly for executing bash scripts within containers, to enhance flexibility and control.
Error handling within custom bash runtimes is highlighted as an important practice for maintaining system reliability and security.
Radichel provides troubleshooting tips for Lambda networking issues, especially when accessing private networks through a NAT.
The content promotes the adoption of clear naming conventions for AWS resources to improve resource management and security incident response.
The author's expertise in network security, application security, and container security is presented as a foundation for the security strategies discussed in the articles.

About Teri Radichel: ~~~~~~~~~~~~~~~~~~~~ ⭐️ Author: Cybersecurity Books ⭐️ Presentations: Presentations by Teri Radichel ⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty ⭐️ Certifications: SANS ~ GSE 240 ⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec ⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab

Need Help With Cybersecurity, Cloud, or Application Security? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 🔒 Request a penetration test or security assessment 🔒 Schedule a consulting call 🔒 Cybersecurity Speaker for Presentation

Follow for more stories like this: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ❤️ Sign Up my Medium Email List ❤️ Twitter: @teriradichel ❤️ LinkedIn: https://www.linkedin.com/in/teriradichel ❤️ Mastodon: @teriradichel@infosec.exchange ❤️ Facebook: 2nd Sight Lab ❤️ YouTube: @2ndsightlab

AWS Lambda Security

Posts on Lambda Security by Teri Radichel

Automate AWS Account Creation

ACM.12 Better governance through a secure baseline and automated account provisioning with Control Tower and Account…

Lambda Functions as Batch Jobs

ACM.268 Lambda functions for short-lived batch operations

Lambda Networking Best Practices

ACM.267 How A VPC would have protected your application from a Log4J vulnerability attack — or not

Parameters in Lambda Functions that lead to XSS and Injection

ACM.56 How I might abuse your Lambda function on a pentest if you don’t properly secure your inputs

Validating Input Parameters in A Lambda Function

ACM.57 How to prevent all manner of injection attacks in a Lambda function and other types of system components

Automating a Lambda Function Deployment

ACM.52 Creating a Lambda function to generate a Job ID

Sending an SMS Message from a Lambda Function

ACM.54 Getting a phone number from Pinpoint

Lambda Networking

ACM.50 Considering when to apply or not apply VPC networking to a Lambda function

Using AWS Systems Manager Parameter Store with AWS Lambda

ACM.58 Creating a parameter to store our batch job session

Components of a Static Web Site on AWS

ACM.227 Route 53, TLS, S3, API Gateway, CloudFront, WAF, and triggering Lambda Functions

Keeping Credentials Out of GitHub

ACM.48: Manually creating a Lambda function to retrieve secrets from secrets manager

.NET AWS Lambda Function

A lot of pen testers are using .NET more lately, so thought I’d give it another look. Might come in handy :)

Network Design: Serverless Applications

ACM.73 Thinking through serverless network architecture

AWS Secrets Manager vs. SSM Parameter Store

ACM.119 Choosing where to store secrets and configuration data

IoT Security ~ AWS 1-Click Buttons

I mentioned in my post for the AWS Blog that I would explain later why I used an AWS IoT Button for just-in-time access…

Using Python and Boto3 in AWS

ACM.55 Boto3 in a Lambda Function and later in AWS Batch

Leveraging Containers in Lambda for Governance, Secure Configurations, and Portability

ACM.288 Containers everywhere for consistency and compliance

A Single Template Each for Lambda Functions, Roles, and Policies

ACM.289 The quest for faster, compliant deployments

Allow Lambda to Pull Containers from Elastic Container Registry

ACM.295 Add a policy to ECR to allow lambda to access images

Deploying a Lambda running a Container using CloudFormation

ACM.298 Leveraging ECR and our prior VPC with NAT deployment

Testing a Lambda function with the AWS Console and Enabling CloudWatch Logs and Metrics

ACM.299 Restricting Lambda functions to write to their own CloudWatch logs groups

Lambda Architecture vs. Container Architecture

ACM.300 Resolving errors caused by architecture mismatch

Fixing Application Errors Inside a Container Used By a Lambda Function and Redeploying It

ACM.301 The benefits and risks of redeploying a container used by a Lambda function

Testing Lambda Functions Locally Outside of Lambda

ACM.302 Using the AWS Lambda Runtime Interface Emulator (RIE) and how system architectures affect it

Why Do I Need a Language Specific Runtime in a Lambda Container?

ACM.303 Why doesn’t Lambda just run any OCI Compliant container?

Custom Lambda Runtimes

ACM.304 Overview of a custom Lambda runtime to execute bash scripts deployed in a container in Lambda

Custom Bash Runtime for Lambda Container

ACM.305 Using AWS base images for a container that runs a custom Lambda runtime

Adding Error Handling to Bash Custom Lambda Runtime

ACM.306 Using Bash trap to capture and handle errors in bash scripts

Using the Lambda Runtime Interface Emulator With a Custom Bash Runtime

ACM.307 Revisiting the RIE with a revamped Arm container for Lambda

Troubleshooting Lambda Networking

ACM.308 Validating private network access and troubleshooting issues access from a private VPC through a NAT

AWS Resources Organization and Naming Conventions

ACM.40 Organizing AWS resources to find resources, reduce errors, plan for growth, and handle security incidents more…

Network Security

Blog posts, papers, and articles on Network Security by Teri Radichel

Application Security

Compilation of stories on Application Security (AppSec) and Secure Code by Teri Radichel

Container Security

Posts on Docker, Containers, and Container Security by Teri Radichel

Batch Job Security

Stories about security batch jobs by Teri Radichel