Cybersecurity Best Practices with AWS Lambda
The purpose of this document is to help development teams associated with the University of Illinois fulfill their responsibility to comply with Illinois Cybersecurity standards.
Serverless technologies like AWS Lambda can help meet and maintain the security requirements set by University standards with less work.
The AWS resources linked from this KB can assist developers writing Lambda functions in meeting University standards IT04 Server Security, IT05 Identity Management, IT07 Application Development Security, and IT08 Development Process.
Lambda functions require relevant IAM policies in AWS. Users of AWS Lambda should ensure their policies satisfy IT05 Identity Management standards.
The IT14 Incident Management Standard requires teams to maintain an incident response plan. One consideration of such a plan is how to share logs with the Cybersecurity team during an incident. Be sure to enable AWS CloudTrail or an equivalent logging solution.
Securing AWS Lambda
General information about AWS Lambda is available at: https://docs.aws.amazon.com/lambda/latest/dg/welcome.html
AWS Lambda Security information: https://docs.aws.amazon.com/lambda/latest/dg/lambda-security.html
This source provides references to the following:
- Data protection in AWS Lambda: https://docs.aws.amazon.com/lambda/latest/dg/security-dataprotection.html
- Identity and access management for AWS Lambda: https://docs.aws.amazon.com/lambda/latest/dg/security-iam.html
- Compliance validation for AWS Lambda: https://docs.aws.amazon.com/lambda/latest/dg/security-compliance.html
- Resilience in AWS Lambda: https://docs.aws.amazon.com/lambda/latest/dg/security-resilience.html
- Infrastructure security in AWS Lambda: https://docs.aws.amazon.com/lambda/latest/dg/security-infrastructure.html
- Configuration and vulnerability analysis in AWS Lambda: https://docs.aws.amazon.com/lambda/latest/dg/security-configuration.html
Note: The AWS Lambda Security source focuses on cloud security. It is important to be familiar with the Shared Responsibility Model, which covers security both of the cloud and in the cloud: https://aws.amazon.com/compliance/shared-responsibility-model/
Protecting Data in AWS
Data encryption in transit and encryption at rest help satisfy the Institutional Data Security standard (DAT01).
See AWS Lambda Data Protection via Encryption: https://docs.aws.amazon.com/lambda/latest/dg/security-dataprotection.html?icmpid=docs_lambda_landingpage