Ensure that your AWS Lambda functions do not have administrative permissions (i.e. access to all AWS actions and resources). This enforces the Principle of Least Privilege by giving each function only the minimal amount of access required to perform its tasks.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
The permissions assumed by an AWS Lambda function are determined by the IAM execution role associated with the function. The execution role is therefore where you control the privileges that your Lambda function has: instead of providing administrative permissions, grant the role only the permissions that your function really needs.
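The check described above can be expressed over the policy documents attached to each function's execution role. The following is an added example, not Cloud Conformity's own code: it treats a role as administrative when any `Allow` statement has both `Action` and `Resource` set to `*`. The function names, account ID and ARNs are constructed sample data, and the helper names are assumptions of this example.

```python
import json

def _as_list(value):
    # IAM accepts either a single value or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def admin_statements(policy_document):
    """Return the Allow statements that grant all actions on all resources."""
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    hits = []
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # Only literal wildcards count here; NotAction/NotResource and
        # Condition blocks are not evaluated by this simplified check.
        if "*" in _as_list(stmt.get("Action", [])) and "*" in _as_list(stmt.get("Resource", [])):
            hits.append(stmt)
    return hits

def functions_with_admin(policies_by_function):
    """policies_by_function maps a function name to every policy document
    (managed and inline) attached to its execution role."""
    return sorted(name for name, docs in policies_by_function.items()
                  if any(admin_statements(d) for d in docs))

# Constructed sample data: function names, account ID and ARNs are made up.
ADMIN_DOC = {"Version": "2012-10-17",
             "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCOPED_DOC = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
     "Resource": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/lambda/resize-image:*"},
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-uploads/*"}]}
S3_FULL_DOC = json.dumps({"Version": "2012-10-17", "Statement":
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}})  # broad, but not admin
DENY_ALL_DOC = {"Version": "2012-10-17",
                "Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*"}]}

SAMPLE = {
    "legacy-report-job": [SCOPED_DOC, ADMIN_DOC],
    "resize-image": [SCOPED_DOC],
    "bucket-sync": [S3_FULL_DOC, DENY_ALL_DOC],
}

if __name__ == "__main__":
    print(functions_with_admin(SAMPLE))
```

A role is flagged if any one of its attached policies contains such a statement, so a correctly scoped policy alongside an administrative one does not clear the function.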
To identify any Lambda functions with admin privileges in your AWS account, perform the following:
To implement the Principle of Least Privilege and provide your Lambda functions with the right set of permissions instead of full administrative permissions, perform the following: