AWS Lambda function modified to allow public invocation

ID:aws_lambda_public

Data type:AWS CloudTrail

Severity:

Low

Description

AlphaSOC detected that an AWS Lambda function was modified to allow public invocation. AWS Lambda is a serverless compute service that executes code in response to events. Making an AWS Lambda function publicly accessible allows unauthorized users to execute code or access sensitive data without proper authentication.

Impact

A publicly accessible AWS Lambda function can be exploited by threat actors to execute code, potentially leading to data breaches, resource abuse, or further compromise of the AWS environment. This modification can result in unauthorized access to sensitive data or financial losses from excessive resource usage.

Severity

Severity	Condition
Low	AWS Lambda function modified to allow public invocation

Investigation and Remediation

Identify who made the modification and why. Review the function code and purpose to determine if public access is necessary. If not, revoke public access. Analyze AWS CloudTrail logs for other suspicious activity.

Known False Positives

The function was made intentionally public as part of a serverless API or webhook endpoint

Description​

Impact​

Severity​

Investigation and Remediation​

Known False Positives​

Description

Impact

Severity

Investigation and Remediation

Known False Positives