Cybersecurity Best Practices with AWS Lambda

Introductory Information 

The purpose of this document is to help development teams associated with the University of Illinois fulfill their responsibility to comply with Illinois Cybersecurity standards.

Serverless technologies like AWS Lambda can help meet and maintain the security requirements set by University standards with less work.

The AWS resources linked from this KB can assist developers writing Lambda functions in meeting University standards IT04 Server Security, IT05 Identity Management, IT07 Application Development Security, and IT08 Development Process.

Lambda functions require relevant IAM policies in AWS. Users of AWS Lambda should ensure their policies satisfy IT05 Identity Management standards.

The IT14 Incident Management Standard requires teams to maintain an incident response plan. One consideration of such a plan is how to share logs with the Cybersecurity team during an incident. Be sure to enable AWS CloudTrail or an equivalent logging solution.

Securing AWS Lambda

General information about AWS Lambda can be accessed at: https://docs.aws.amazon.com/lambda/latest/dg/welcome.html

AWS Lambda Security information: https://docs.aws.amazon.com/lambda/latest/dg/lambda-security.html

This source provides references to the following:

Note: Cloud security is the focus of the AWS Lambda Security source. It is important to be familiar with the Shared Responsibility Model, which divides responsibility between security of the cloud and security in the cloud: https://aws.amazon.com/compliance/shared-responsibility-model/

Protecting Data in AWS

Data encryption in transit and encryption at rest help satisfy the Institutional Data Security standard (DAT01).

See AWS Lambda Data Protection via Encryption: https://docs.aws.amazon.com/lambda/latest/dg/security-dataprotection.html?icmpid=docs_lambda_landingpage