AWS Lambda function modified to allow public invocation

ID: aws_lambda_public
Data type: AWS CloudTrail
Severity: Low
MITRE ATT&CK: TA0003:T1546

Description

AlphaSOC detected that an AWS Lambda function was modified to allow public invocation. AWS Lambda is a serverless compute service that executes code in response to events. Making an AWS Lambda function publicly accessible allows unauthorized users to execute code or access sensitive data without proper authentication.

Impact

A publicly accessible AWS Lambda function can be exploited by threat actors to execute code, potentially leading to data breaches, resource abuse, or further compromise of the AWS environment. This modification can result in unauthorized access to sensitive data or financial losses from excessive resource usage.

Severity

| Severity | Condition |
|---|---|
| Low | AWS Lambda function modified to allow public invocation |

Investigation and Remediation

Identify who made the modification and why. Review the function code and purpose to determine if public access is necessary. If not, revoke public access. Analyze AWS CloudTrail logs for other suspicious activity.
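
To support the review step above, the following added example (not AlphaSOC's or AWS's own code) checks a function's resource-based policy, as returned in the Policy field of `aws lambda get-policy`, for statements that let anyone invoke it. The sample policy, account ID, function name, Sids and the list of caller-scoping condition keys are assumptions made for illustration.

```python
import json

# Condition keys that narrow who may call the function (assumed list; extend as needed).
SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount", "aws:principalorgid",
                "aws:principalaccount", "aws:principalarn"}

def _is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"}, including "*" inside a list."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False

def _is_scoped(condition):
    """Heuristic: True if any condition operator tests a caller-scoping key."""
    for tests in (condition or {}).values():
        if any(key.lower() in SCOPING_KEYS for key in tests):
            return True
    return False

def public_statements(policy_json):
    """Return the Sids of Allow statements that grant invocation to anyone."""
    stmts = json.loads(policy_json).get("Statement", [])
    if isinstance(stmts, dict):  # a single statement may appear as an object
        stmts = [stmts]
    return [s.get("Sid", "<no Sid>") for s in stmts
            if s.get("Effect") == "Allow"
            and _is_wildcard(s.get("Principal"))
            and not _is_scoped(s.get("Condition"))]

# Constructed sample policy; every identifier in it is a placeholder.
_ARN = "arn:aws:lambda:us-east-1:111122223333:function:example-fn"
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Id": "default", "Statement": [
    {"Sid": "public-invoke", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunction", "Resource": _ARN},
    {"Sid": "org-only", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunction", "Resource": _ARN,
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
    # A Condition is present here, but it does not restrict the caller.
    {"Sid": "url-no-auth", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunctionUrl", "Resource": _ARN,
     "Condition": {"StringEquals": {"lambda:FunctionUrlAuthType": "NONE"}}},
    {"Sid": "s3-trigger", "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
     "Action": "lambda:InvokeFunction", "Resource": _ARN}]})

if __name__ == "__main__":
    print(public_statements(SAMPLE_POLICY))
```

Each returned Sid can be revoked with `aws lambda remove-permission --function-name <name> --statement-id <Sid>` once the function's owner confirms public access is not required.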

Known False Positives

  • The function was made intentionally public as part of a serverless API or webhook endpoint