[Lambda.2]
Lambda functions should use supported runtimes
Description
All Lambda functions should use one of the runtimes supported by AWS. The list of supported runtimes at the time of writing can be found in the Remediation section below, but it is subject to change. Please refer to the AWS website for the current list of supported runtimes. This rule is COMPLIANT when the runtime used is in the list of supported runtimes.
Details
Property | Value |
---|---|
Category | Protect > Secure development |
Compliance Control ID | Lambda.2 |
FortifyFox ID | FF100018 |
Link | Lambda.2 Compliance |
Resource Type(s) | AWS::Lambda::Function |
Severity | Medium |
Remediation
Use the following CloudFormation templates to deploy a Lambda function compliant with Lambda.2:
YAML Template
```yaml
Resources:
  lambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: RUNTIME
```
JSON Template
```json
{
  "Resources": {
    "lambdaFunction": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Runtime": "RUNTIME"
      }
    }
  }
}
```
You will need to replace RUNTIME with one of the supported runtimes. The supported runtimes are: nodejs14.x, nodejs12.x, python3.9, python3.8, python3.7, python3.6, ruby2.7, java11, java8, java8.al2, go1.x, dotnetcore3.1, dotnet6
📓 Notes
- You must have created an IAM role to execute Lambda functions with the following Managed policies:
  - arn:aws:iam::aws:policy/AWSLambdaExecute
  - arn:aws:iam::aws:policy/AmazonS3FullAccess
  - arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess
  - arn:aws:iam::aws:policy/AmazonKinesisFullAccess
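
A static pre-deployment check for this rule, as an added example that is not part of the original page or FortifyFox's own code: it evaluates every AWS::Lambda::Function in a JSON CloudFormation template against the runtime list given above. The function name, the status labels other than COMPLIANT, the sample template, and the handling of container-image functions and of runtimes set through intrinsic functions are assumptions.

```python
import json

# Supported runtimes as listed on this page; the list changes over time.
SUPPORTED_RUNTIMES = {
    "nodejs14.x", "nodejs12.x", "python3.9", "python3.8", "python3.7",
    "python3.6", "ruby2.7", "java11", "java8", "java8.al2", "go1.x",
    "dotnetcore3.1", "dotnet6",
}

def evaluate_template(template_text, supported=SUPPORTED_RUNTIMES):
    """Return {logical_id: (status, detail)} for each Lambda function resource."""
    template = json.loads(template_text)
    results = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::Lambda::Function":
            continue  # the rule only covers AWS::Lambda::Function
        props = resource.get("Properties", {})
        runtime = props.get("Runtime")
        if props.get("PackageType") == "Image":
            # Assumption: container-image functions have no Runtime and are skipped.
            results[logical_id] = ("NOT_APPLICABLE", "container image")
        elif isinstance(runtime, dict):
            # Ref / Fn::FindInMap etc. cannot be resolved from the template alone.
            results[logical_id] = ("UNRESOLVED", json.dumps(runtime))
        elif isinstance(runtime, str) and runtime in supported:
            results[logical_id] = ("COMPLIANT", runtime)
        else:
            # Covers unsupported values and a missing Runtime on a zip function.
            results[logical_id] = ("NON_COMPLIANT", repr(runtime))
    return results

# Constructed sample template (not from the page) covering each outcome.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "currentFn": {"Type": "AWS::Lambda::Function", "Properties": {"Runtime": "python3.9"}},
    "legacyFn": {"Type": "AWS::Lambda::Function", "Properties": {"Runtime": "python2.7"}},
    "paramFn": {"Type": "AWS::Lambda::Function", "Properties": {"Runtime": {"Ref": "RuntimeParam"}}},
    "imageFn": {"Type": "AWS::Lambda::Function", "Properties": {"PackageType": "Image"}},
    "bucket": {"Type": "AWS::S3::Bucket"},
}})

if __name__ == "__main__":
    for name, (status, detail) in evaluate_template(SAMPLE_TEMPLATE).items():
        print(f"{name}: {status} ({detail})")
```

An UNRESOLVED result means the runtime is supplied at deploy time, so the parameter's allowed values need to be checked separately.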