Lambda permission has wildcard action Affecting Lambda service in AWS


Severity

0.0
high
0
10
    Severity Framework
    Snyk CCSS
    Rule category
    IAM / Access Control

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
    Frameworks
    CSA-CCM ISO-27001 SOC-2
  • Snyk ID SNYK-CC-00218
  • credit Snyk Research Team

Description

Wildcard permissions grant broad permissions. The best practice recommends providing only required permissions explicitly.

How to fix?

Ensure that the action attribute is not set to an invalid action.

Invalid actions are:

  • "*"
  • "lambda:*"

Example Configuration

resource "aws_lambda_permission" "example" {
  action = "lambda:InvokeFunction"
  # other required fields here
}