Cybersecurity, Best Practices with AWS Lambda
The purpose of this document is to help development teams associated with the University of Illinois fulfill their responsibility to comply with Illinois Cybersecurity standards.
Serverless technologies like AWS Lambda can help meet and maintain the security requirements set by university standards with less work.
The AWS resources linked from this KB can assist developers writing Lambda functions in meeting university standards IT04 - Server Security, IT05 - Identity Management, IT07 - Application Development Security, and IT08 - Development Process.
Lambda functions require relevant IAM policies in AWS. Users of AWS Lambda should ensure their policies satisfy the controls of IT05 - Identity Management.
IT14 - Incident Management requires teams to maintain an incident response plan. One consideration of such a plan is how to share logs with the Cybersecurity team during an incident. Be sure to enable AWS CloudTrail or an equivalent logging solution.
Securing AWS Lambda
General information about AWS Lambda can be accessed at https://docs.aws.amazon.com/lambda/latest/dg/welcome.html.
AWS Lambda Security information:
This source provides references to the following:
- Data protection in AWS Lambda
- Identity and access management for AWS Lambda
- Compliance validation for AWS Lambda
- Resilience in AWS Lambda
- Infrastructure security in AWS Lambda
- Configuration and vulnerability analysis in AWS Lambda
Note: Cloud security, rather than server security, is the focus of these resources. It is important to be familiar with the Shared Responsibility Model, which distinguishes between security of the cloud and security in the cloud.
Protecting Data in AWS
Data encryption in transit and encryption at rest help satisfy the controls of DAT01 - Institutional Data Security.
See AWS Lambda Data Protection via Encryption: