Lambda functions missing provisioned concurrency configuration
Affecting Lambda service in AWS


Severity: medium
Severity Framework: Snyk CCSS
Rule category: Availability / Limits

  • Snyk ID: SNYK-CC-00751
  • Credit: Snyk Research Team

Description

Provisioned concurrency is the number of pre-initialized execution environments allocated to a function. If provisioned concurrency is set on a function, Lambda initializes that number of execution environments so that they are prepared to respond immediately to function requests. Because it avoids cold starts, provisioned concurrency is ideal for latency-sensitive applications such as web or mobile backends, synchronously invoked APIs, and interactive microservices.

How to fix?

Set aws_lambda_provisioned_concurrency_config.function_name to a valid aws_lambda_function and aws_lambda_provisioned_concurrency_config.provisioned_concurrent_executions >= 0.

Example Configuration

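resource "aws_lambda_function" "allowed_lambda" {
  filename      = "/home/path/to/hello-python.zip"
  function_name = "lambda_function_allowed1"
  role          = aws_iam_role.lambda_role.arn
  handler       = "index.lambda_handler"
  runtime       = "python3.8"
  # Publishes a numbered version, which the provisioned concurrency config
  # below uses as its qualifier.
  publish = true
  # Provisioned concurrency cannot exceed the function's reserved concurrency.
  reserved_concurrent_executions = 50
  depends_on                     = [aws_iam_role_policy_attachment.attach_iam_policy_to_iam_role]
}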

resource "aws_lambda_provisioned_concurrency_config" "allowed" {
  function_name                     = aws_lambda_function.allowed_lambda.function_name
  provisioned_concurrent_executions = 5
  qualifier                         = aws_lambda_function.allowed_lambda.version
}
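
The following check is an added example, not Snyk's rule implementation. It reads the `configuration` section of `terraform show -json` plan output and lists every aws_lambda_function that no aws_lambda_provisioned_concurrency_config in the same module points at. The sample plan is constructed, and the function name `functions_missing_provisioned_concurrency` and the resource `no_pc` are hypothetical.

```python
import json

# Constructed sample: the "configuration" part of `terraform show -json` output,
# trimmed to the fields this check reads.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "aws_lambda_function.allowed_lambda", "type": "aws_lambda_function",
   "expressions": {"function_name": {"constant_value": "lambda_function_allowed1"}}},
  {"address": "aws_lambda_function.no_pc", "type": "aws_lambda_function",
   "expressions": {"function_name": {"constant_value": "lambda_function_denied1"}}},
  {"address": "aws_lambda_provisioned_concurrency_config.allowed",
   "type": "aws_lambda_provisioned_concurrency_config",
   "expressions": {"function_name": {"references": [
       "aws_lambda_function.allowed_lambda.function_name",
       "aws_lambda_function.allowed_lambda"]}}}
]}}}
""")

PC_TYPE = "aws_lambda_provisioned_concurrency_config"

def functions_missing_provisioned_concurrency(module, prefix=""):
    """Return addresses of aws_lambda_function resources that no
    provisioned concurrency config in the same module points at."""
    resources = module.get("resources", [])
    # Map each function's address to its literal function_name, if it has one.
    functions = {
        r["address"]: r.get("expressions", {}).get("function_name", {}).get("constant_value")
        for r in resources if r["type"] == "aws_lambda_function"
    }
    covered = set()
    for r in resources:
        if r["type"] != PC_TYPE:
            continue
        target = r.get("expressions", {}).get("function_name", {})
        # Target written as a reference to the function resource ...
        covered.update(ref for ref in target.get("references", []) if ref in functions)
        # ... or as a literal name matching a function's literal name.
        literal = target.get("constant_value")
        if literal is not None:
            covered.update(a for a, name in functions.items() if name == literal)
    missing = [prefix + a for a in sorted(set(functions) - covered)]
    # Child modules carry their own resource lists; check each one separately.
    for name, call in module.get("module_calls", {}).items():
        missing += functions_missing_provisioned_concurrency(
            call.get("module", {}), f"{prefix}module.{name}.")
    return missing

if __name__ == "__main__":
    root = SAMPLE_PLAN["configuration"]["root_module"]
    print(functions_missing_provisioned_concurrency(root))
```

Matching is done per module, so a config in one module that targets a function through another module's output is not resolved and that function is reported.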