TyReed12
commented
5 years ago When it comes to securing who can access, create, and trigger our lambda triggers, we will be able to use IAM roles to assign access and permissions to the appropriate people. If we are concerned about rogue actors gaining access despite not having these permissions, we are able to setup alarms in Cloudwatch that would notify us whenever a change in the security configuration (Access and Permissions) is made as well as when any lambda function is triggered. This is all done in the CloudWatch console.
I've also attached a couple of articles that talk about best security practices when creating and using lambda functions. It's very important that none of our lambda functions are exposed, which means they can be used by anonymous users that have not been given IAM role access.
Time spent so far: 3 hours
https://www.cloudconformity.com/conformity-rules/Lambda/function-exposed.html https://www.protego.io/aws-lambda-security-best-practices/ https://www.cloudconformity.com/conformity-rules/CloudWatchLogs/securitygroup-changes-alarm.html
toddysm
Our crawler code will predominantly sit in a lambda function, which will be triggered at some point in time. Because we will need to trigger both on timer and on demand, we will need a way to secure our crawler from being triggered by a rogue actor.
Please indicate the time spent on this, any issues that you are having, any good references you found for this subject, and credit anyone helped you out.