Suspicious activity

Lambda function that exposes secrets is reached from malicious IP address

Risk Level

Imminent Compromised (2)



Orca detected AWS lambda function {AwsLambdaFunction} with environment variables exposing AWS access key or secret. This action may indicate of a presence of an unauthorized actor in the cloud environment, since the Lambda function is invoked from Malicious IP address.
  • Recommended Mitigation

    Review your Lambda functions and make sure they do not contain secrets. We recommend to store AWS secrets in dedicated services like Secrets Manager or Parameter Store, or encrypt the environment variables with a dedicated KMS key.