bilzard/node_aws_blackbelt_online_seminar_aws_lambda_part4.md

Created May 31, 2019 04:13

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/bilzard/0614e52099c5f3d75a5c819e539e6dea.js"></script>
Save bilzard/0614e52099c5f3d75a5c819e539e6dea to your computer and use it in GitHub Desktop.

Download ZIP

Security consideration for your Lambda Functions

Raw

node_aws_blackbelt_online_seminar_aws_lambda_part4.md

Note: AWS blackbelt online seminar - part4

Security consideration for your Lambda Functions

Speaker: 西谷圭介, AWS Japan

Security assured by AWS

EC2 model vs. Firecracker model
- EC2 model
  - VMs are separated between AWS accounts
  - Lambda's execution environments are shared in a AWS account
- Firecracker model
  - VMs and Lambda's execution environment are separated between AWS accounts

Security that customers should consider

TIPS: Asyncronous event source uses intrinsic SQS queue (which is not visible for customers)
1 lambda function - 1 IAM Role
Validate requests
- if you are using API Gateway, request validation is available
Do not hard code secret informations, instead:
- encrypt by KMS
- store in SSM
- store in Environment variables
Run vulneravility scan on the 3rd party dependencies
- OWASP
- Synk
- Twistlock

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment