Ensure that your AWS Lambda functions do not share the same AWS IAM execution role, in order to promote the Principle of Least Privilege (POLP) by giving each individual function the minimal amount of access required to perform its tasks. There should always be a one-to-one relationship between your AWS Lambda functions and their IAM roles: each Lambda function should have its own IAM execution role, and that role should not be shared between functions.
The permissions assumed by an AWS Lambda function are determined by the IAM execution role associated with the function. Using one IAM role for more than one Lambda function violates the Principle of Least Privilege, because every function on that role inherits the union of permissions that all of them need. With a dedicated IAM execution role you can control exactly which privileges each Lambda function has, so instead of granting full or generic permissions you should grant each execution role only the permissions that its function really needs.
To identify any AWS Lambda functions that share the same IAM role, perform the following:
To implement the Principle of Least Privilege and create a separate IAM role (with the right set of permissions) for each individual Lambda function, perform the following:
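The audit and the remediation described in the two procedures above can be scripted. The following is an added example, not code from the original page: it groups Lambda functions by their execution role ARN to surface roles attached to more than one function, and for each affected function proposes a dedicated role name (the `<function>-execution-role` convention is an assumption) together with a trust policy that only `lambda.amazonaws.com` can assume, and only on behalf of that one function via the `aws:SourceArn` and `aws:SourceAccount` conditions. The input list is constructed inline and shaped like the `Functions` array returned by the Lambda `ListFunctions` API (only the `FunctionName`, `FunctionArn` and `Role` keys are used); the account ID and ARNs are sample values.

```python
"""Audit AWS Lambda execution roles for sharing and propose dedicated roles.

Added example; the sample data below is constructed, not taken from a real account.
"""
from collections import defaultdict

# Constructed sample shaped like the 'Functions' list returned by ListFunctions.
# Two functions share one role; the third already has a dedicated role.
SAMPLE_FUNCTIONS = [
    {"FunctionName": "orders-api",
     "FunctionArn": "arn:aws:lambda:us-east-1:123456789012:function:orders-api",
     "Role": "arn:aws:iam::123456789012:role/shared-lambda-role"},
    {"FunctionName": "nightly-report",
     "FunctionArn": "arn:aws:lambda:us-east-1:123456789012:function:nightly-report",
     "Role": "arn:aws:iam::123456789012:role/shared-lambda-role"},
    {"FunctionName": "image-resizer",
     "FunctionArn": "arn:aws:lambda:us-east-1:123456789012:function:image-resizer",
     "Role": "arn:aws:iam::123456789012:role/image-resizer-role"},
]


def find_shared_roles(functions):
    """Map each execution role ARN to the functions using it and keep only the
    roles attached to more than one function (the finding this rule describes)."""
    by_role = defaultdict(list)
    for fn in functions:
        by_role[fn["Role"]].append(fn["FunctionName"])
    return {role: sorted(names) for role, names in by_role.items() if len(names) > 1}


def dedicated_role_name(function_name):
    """Per-function role name; the '<function>-execution-role' convention is assumed."""
    return f"{function_name}-execution-role"


def trust_policy_for(function_arn, account_id):
    """Trust policy allowing only the Lambda service to assume the role, and only
    when acting for this specific function (aws:SourceArn / aws:SourceAccount)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "lambda.amazonaws.com"},
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {"aws:SourceAccount": account_id},
                "ArnLike": {"aws:SourceArn": function_arn},
            },
        }],
    }


def remediation_plan(functions):
    """For every function found on a shared role, propose a dedicated role and
    the trust policy it should carry. Returns one entry per affected function."""
    shared = find_shared_roles(functions)
    by_name = {fn["FunctionName"]: fn for fn in functions}
    plan = []
    for role, names in sorted(shared.items()):
        for name in names:
            fn = by_name[name]
            # Account ID is the fifth colon-separated field of a Lambda ARN.
            account_id = fn["FunctionArn"].split(":")[4]
            plan.append({
                "function": name,
                "current_role": role,
                "proposed_role": dedicated_role_name(name),
                "trust_policy": trust_policy_for(fn["FunctionArn"], account_id),
            })
    return plan


if __name__ == "__main__":
    import json
    for finding in remediation_plan(SAMPLE_FUNCTIONS):
        print(json.dumps(finding, indent=2))
```

Against a live account, `SAMPLE_FUNCTIONS` would be replaced by the paginated output of `lambda:ListFunctions` (for example the boto3 `list_functions` paginator); the grouping logic is unchanged. The proposed trust policy only fixes who may assume the new role; the permissions policy attached to it still has to be written per function, scoped to the resources and actions that function actually uses.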