Ensure Lambda function does not have Admin privileges

Error: Lambda function has Admin privileges

Bridgecrew Policy ID: BC_AWS_SERVERLESS_1
Severity: CRITICAL


Description

AWS Lambda permissions are determined by the IAM execution role associated with the function. If that execution role is over-privileged, an attacker who gains control of the function inherits those elevated privileges.

We recommend that you grant the IAM execution role only the permissions your Lambda function needs, rather than administrative permissions.

Fix - Runtime

AWS Console

To change the policy using the AWS Console, follow these steps:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com/.
  2. Open the IAM console.
  3. In the navigation panel, select Roles.
  4. Enter the name of the Lambda execution role.
  5. Select the IAM execution role returned in the result set.
  6. On the IAM role configuration page, select the Permissions tab in the bottom panel.
  7. To open the policy document (JSON format), click the attached IAM policy name in the Policy name column.
  8. Inside the JSON panel, if the element values are set to "*" and the Effect is set to Allow, remove them.
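As an added example that is not part of this policy page, the following Python applies the same test as the last step to a policy document: it flags any statement whose Effect is Allow and whose Action and Resource are both the "*" wildcard. The admin policy and the scoped policy (bucket, account ID, region and function name included) are constructed sample inputs.

```python
import json

# Constructed sample: the policy shape this check flags on an execution role.
ADMIN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
})

# Constructed sample: a least-privilege policy for a function that reads one
# bucket and writes its own CloudWatch log group (all ARNs are placeholders).
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-input-bucket/*"},
        {"Effect": "Allow",
         "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": "arn:aws:logs:us-east-1:123456789012:"
                     "log-group:/aws/lambda/example-fn:*"},
    ],
})


def _as_list(value):
    """IAM accepts a string or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_admin_statements(policy_json):
    """Return the statements that grant admin privileges.

    A statement counts as admin when Effect is Allow, Action covers every API
    ("*" or "*:*") and Resource covers every resource ("*"). NotAction and
    Condition are ignored here, so a conditioned wildcard is still reported.
    """
    doc = json.loads(policy_json)
    return [
        stmt for stmt in _as_list(doc.get("Statement"))
        if stmt.get("Effect") == "Allow"
        and any(a in ("*", "*:*") for a in _as_list(stmt.get("Action")))
        and "*" in _as_list(stmt.get("Resource"))
    ]


def has_admin_privileges(policy_json):
    """True if the execution role policy contains at least one admin statement."""
    return bool(find_admin_statements(policy_json))
```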