Potentially sensitive variable in Lambda environment Affecting Lambda service in AWS


  • 0.0 high
  • Severity Framework Snyk CCSS
  • Rule category Keys and Secrets / Access

  • Frameworks CIS-Controls
  • Snyk ID SNYK-CC-00337
  • credit Snyk Research Team

Description

A secret value has been declared in an environment variable. The secret value will be readable to anyone with access to the version control system.

How to fix?

Remove the secret value from the environment.variables definition.

Example Configuration

resource "aws_lambda_function" "valid" {
  function_name    = "valid"
  role             = aws_iam_role.lambda_role.arn
  handler          = "index.handler"
  runtime          = "nodejs12.x"
  filename         = data.archive_file.lambda_source.output_path
  source_code_hash = data.archive_file.lambda_source.output_base64sha256

  environment {
    variables = {
      env = "development"
    }
  }
}
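
For contrast with the compliant configuration above, the following added example (not part of Snyk's rule page) shows a definition that carries a secret literal, followed by one way to remove it: keep the value in AWS Secrets Manager and pass only the secret's ARN. The resource names, variable names and values are constructed, the choice of Secrets Manager is an assumption, and `aws_iam_role.lambda_role` and `data.archive_file.lambda_source` are assumed to be defined elsewhere, as in the example above.

```hcl
# Non-compliant (constructed): the literal is committed to version control.
resource "aws_lambda_function" "invalid" {
  function_name = "invalid"
  role          = aws_iam_role.lambda_role.arn
  handler       = "index.handler"
  runtime       = "nodejs12.x"
  filename      = data.archive_file.lambda_source.output_path

  environment {
    variables = {
      env         = "development"
      DB_PASSWORD = "EXAMPLE-not-a-real-password" # secret literal in the definition
    }
  }
}

# Compliant (assumed approach): the secret lives in AWS Secrets Manager.
resource "aws_secretsmanager_secret" "db_password" {
  name = "example/db-password" # the value itself is set outside Terraform
}

resource "aws_lambda_function" "valid_with_secret" {
  function_name = "valid-with-secret"
  role          = aws_iam_role.lambda_role.arn
  handler       = "index.handler"
  runtime       = "nodejs12.x"
  filename      = data.archive_file.lambda_source.output_path

  environment {
    variables = {
      env           = "development"
      DB_SECRET_ARN = aws_secretsmanager_secret.db_password.arn # reference, not a secret
    }
  }
}

# Least privilege: the function's role may read this one secret only.
resource "aws_iam_role_policy" "read_db_secret" {
  name = "read-db-secret"
  role = aws_iam_role.lambda_role.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = "secretsmanager:GetSecretValue"
      Resource = aws_secretsmanager_secret.db_password.arn
    }]
  })
}
```

The handler then fetches the value at run time with a `GetSecretValue` call on the ARN held in `DB_SECRET_ARN`.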