Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
IAM/ Access Control
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CSA-CCMISO-27001SOC-2
- Snyk IDSNYK-CC-00218
- creditSnyk Research Team
Description
Wildcard permissions grant broad permissions. The best practice recommends providing only required permissions explicitly.
How to fix?
Ensure that the action attribute is not set to an invalid action.
Invalid actions are:
"*""lambda:*"
Example configuration:
resource "aws_lambda_permission" "example" {
action = "lambda:InvokeFunction"
# other required fields here
}
Ensure that the Action property is not set to an invalid action.
Invalid actions are:
"*""lambda:*"
Example configuration:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
# other required properties