Lambda function runtime outdated
Hazardous (3)
- AWS Foundational Security Best Practices Controls
- cis_8
- NIST 800-53
- Orca Best Practices
About Lambda Functions
AWS Lambda is an event-driven, serverless platform that lets you run code directly inside standardized runtime environments—without having to provision or configure infrastructure. You don’t have to worry about creating new servers/containers with optimal resource specifications, or managing memory—it’s all done by the platform. As a developer, your only job is to execute your business logic via Lambda functions.
The best part about Lambda is that it enables your application to scale up or down based on demand.
The main AWS Lambda principles are:
- Vendor-managed platform to initiate code run with predefined triggers
- High resource availability
- Automatic immediate scalability
- Pay-per-use
Developers can trigger logic execution using the Lambda API, based on events generated by other AWS services (e.g., if Lambda receives a “user signup” event from a web application, it can execute the function that inserts user data into a database).
Lambda executes functions inside runtime environments that support multiple languages and platforms, e.g., Python, Node.js, Go, and Java. The runtime uses configurations that you specify while creating a function.
Cloud Risk Description
An outdated Lambda runtime might lack critical vulnerability patches or bug fixes, so your applications and data are at risk of compromise if any of your Lambda functions runs on an outdated runtime version. Moreover, outdated versions are less likely to contain the latest features or guarantee maximum performance. Ensure that you always use the latest runtime versions for your Lambda functions to access up-to-date features and security fixes.
How Orca Can Help
Orca discovers neglected workloads, i.e., machines running an unpatched or unsupported OS. In this specific example, Orca alerts you to an outdated Lambda runtime, as seen in the screenshot above.
Recommended Mitigation Strategies
- Always use the latest runtime versions for all Lambda functions.
- Regularly audit to look for older/outdated runtimes and immediately upgrade them to the latest versions.
- If you use third-party libraries in your Lambda functions, make sure you update them as and when required.
- Encrypt Lambda environment variables that store security-critical data like passwords, encryption keys, and hash salts.
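One way to run the regular runtime audit recommended above, as an added example (not Orca's or AWS's own code). The deprecated-runtime set is an assumed, hand-maintained snapshot to refresh from the runtime deprecation policy page, and the function names and sample records are constructed.

```python
"""Audit Lambda function configurations for deprecated runtimes (added example)."""

# Assumption: a hand-maintained snapshot of runtime identifiers that AWS has
# deprecated. Refresh it from the runtime deprecation policy page before use.
DEPRECATED_RUNTIMES = frozenset({
    "python2.7", "python3.6", "python3.7",
    "nodejs10.x", "nodejs12.x", "nodejs14.x",
    "ruby2.5", "dotnetcore2.1", "dotnetcore3.1", "go1.x",
})


def audit_runtimes(functions, deprecated=DEPRECATED_RUNTIMES):
    """Return (function name, runtime, status) for every function needing attention.

    `functions` is an iterable of dicts shaped like the entries in the
    "Functions" list of the Lambda ListFunctions response.
    """
    findings = []
    for fn in functions:
        name = fn["FunctionName"]
        if fn.get("PackageType") == "Image":
            # Container-image functions carry no Runtime field; the language
            # runtime lives in the image and must be checked there.
            findings.append((name, None, "IMAGE_REVIEW_BASE_IMAGE"))
        elif fn.get("Runtime") in deprecated:
            findings.append((name, fn["Runtime"], "DEPRECATED"))
    return findings


def list_all_functions(region):
    """Yield every function configuration in one region (needs boto3 and credentials)."""
    import boto3  # imported here so the offline demo below runs without it
    paginator = boto3.client("lambda", region_name=region).get_paginator("list_functions")
    for page in paginator.paginate():
        yield from page["Functions"]


# Constructed sample input, not real account data.
SAMPLE_FUNCTIONS = [
    {"FunctionName": "signup-handler", "Runtime": "python3.7", "PackageType": "Zip"},
    {"FunctionName": "thumbnailer", "Runtime": "python3.12", "PackageType": "Zip"},
    {"FunctionName": "legacy-export", "Runtime": "nodejs12.x", "PackageType": "Zip"},
    {"FunctionName": "ml-inference", "PackageType": "Image"},
]

if __name__ == "__main__":
    for name, runtime, status in audit_runtimes(SAMPLE_FUNCTIONS):
        print(f"{status:24} {name:16} {runtime or '-'}")
```

Against a live account, pass `list_all_functions(region)` to `audit_runtimes` for each region in use, since ListFunctions returns results for one region at a time.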
Useful Links
- Lambda runtimes: https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html
- AWS Lambda execution environment: https://docs.aws.amazon.com/lambda/latest/dg/runtimes-context.html
- Runtime deprecation policy: https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html
- AWS Lambda runtime API: https://docs.aws.amazon.com/lambda/latest/dg/runtimes-api.html
- Invoking Lambda functions: https://docs.aws.amazon.com/lambda/latest/dg/lambda-invocation.html
- Configuring AWS Lambda functions: https://docs.aws.amazon.com/lambda/latest/dg/lambda-functions.html