Property
Language: terraform
Severity: critical
Service: lambda
Provider: AWS
Vulnerability Type: omission

Description

When an AWS Lambda permission is created without specifying a source ARN, any resource belonging to the specified AWS service principal, in any AWS account, can invoke the Lambda function. This lack of restriction allows invocation from unintended or even external AWS accounts.

Impact

Without a source ARN, attackers or unauthorized AWS resources could trigger the Lambda function, potentially leading to data leaks, unauthorized actions, or service disruptions. This broad access increases the risk of compromise and loss of control over Lambda executions.

Resolution

Always set a source ARN (`source_arn`) on Lambda permissions so that only the intended resource can invoke the function.
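As an added illustration that is not part of this rule's documentation, the flagged pattern is shown next to its compliant form in Terraform; the function, bucket, IAM role and statement names are assumed placeholders:

```hcl
# Added example, not taken from the rule's own documentation.
# All resource and bucket names below are constructed placeholders.

data "aws_caller_identity" "current" {}

resource "aws_s3_bucket" "uploads" {
  bucket = "example-uploads-bucket" # constructed placeholder name
}

resource "aws_lambda_function" "processor" {
  function_name = "upload-processor"
  role          = aws_iam_role.lambda_exec.arn # assumed to be defined elsewhere
  handler       = "index.handler"
  runtime       = "python3.12"
  filename      = "processor.zip"
}

# FLAGGED: no source_arn, so any S3 bucket in any AWS account that is
# configured to notify this function can invoke it through the
# s3.amazonaws.com service principal.
resource "aws_lambda_permission" "from_s3_unrestricted" {
  statement_id  = "AllowS3Invoke"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.processor.function_name
  principal     = "s3.amazonaws.com"
}

# COMPLIANT: source_arn pins the permission to one bucket. S3 bucket ARNs
# carry no account ID, so source_account is set as well to confine the
# grant to this account.
resource "aws_lambda_permission" "from_s3_restricted" {
  statement_id   = "AllowS3InvokeFromUploads"
  action         = "lambda:InvokeFunction"
  function_name  = aws_lambda_function.processor.function_name
  principal      = "s3.amazonaws.com"
  source_arn     = aws_s3_bucket.uploads.arn
  source_account = data.aws_caller_identity.current.account_id
}
```

The two permission blocks are shown together only for comparison; in real code keep just the restricted one. To audit a deployed function, `aws lambda get-policy --function-name <name>` returns its resource policy, and any statement for a service principal that lacks an `AWS:SourceArn` condition is an instance of this finding.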