Lateral movement
Recommended Mitigation
Define the specific permissions needed for the function in the IAM role policy - can be done by detach {AwsLambdaFunction.FunctionRole} role from the privileged policy, and attach it to a more explicit one. ## Remediation --- >1. Sign in to the AWS Management Console and open the **[IAM console](https://console.aws.amazon.com/iam/)**. >2. In the navigation pane, choose **Roles**, and then select the desired role. >3. In order to attach the role to a more explicit policy: >>a. Under **Permissions policies** in **Permissions** tab, choose **Add permissions**. >>b. Choose **Attach policies**. >>c. Select the desired policy. >>d. Choose **Attach policies**. >4. In order to detach the role from the permissive policy: >>a. Under **Permissions policies** in **Permissions** tab, select the permissive policy. >>b. Choose **Remove**. >>c. In the confirmation dialog box, choose **Delete**.
