Aws Function Exposed
Description
Detects AWS Lambda functions that have overly permissive resource-based policies which could allow unauthorized access. The detector identifies Lambda functions whose policy statements grant broad permissions to external principals, potentially exposing the function to security risks through unintended invocations.
Detection Strategy
• Scans all Lambda functions in the specified AWS region
• Retrieves and analyzes the resource-based policy (the function policy, as distinct from the function's execution role) attached to each Lambda function
• Reports a vulnerability when a policy statement contains overly permissive configurations such as wildcard principals ('*') or broad cross-account access
• Flags policy statements that grant excessive permissions beyond necessary function invocation rights
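The strategy above, as an added example written for this page rather than Fluid Attacks' own detector code: an offline check that walks a policy document and flags the two conditions named in the bullets (wildcard principal with no Condition, and actions beyond lambda:InvokeFunction), plus a region scan that feeds it from boto3. The sample policy, the account id and the reason strings are constructed; boto3 and credentials are assumed for scan_region only.

```python
import json

SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [  # constructed sample
    {"Sid": "public", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunction", "Resource": "*"},
    {"Sid": "broad", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["lambda:InvokeFunction", "lambda:*"], "Resource": "*"},
    {"Sid": "scoped", "Effect": "Allow", "Principal": {"Service": "events.amazonaws.com"},
     "Action": "lambda:InvokeFunction", "Resource": "*",
     "Condition": {"StringEquals": {"aws:SourceAccount": "111122223333"}}}]})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principals(stmt):
    # 'Principal' is either the string "*" or a map like {"AWS": [...], "Service": ...}
    principal = stmt.get("Principal", {})
    if isinstance(principal, str):
        return [principal]
    return [p for values in principal.values() for p in _as_list(values)]

def find_exposed_statements(policy_json):
    """Map Sid -> reasons for Allow statements judged overly permissive."""
    findings = {}
    for index, stmt in enumerate(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        reasons = []
        # Anyone can invoke: wildcard principal and nothing narrowing it (e.g. aws:SourceAccount)
        if "*" in _principals(stmt) and "Condition" not in stmt:
            reasons.append("wildcard principal without Condition")
        # Resource policies normally need only InvokeFunction; anything else is excess
        extra = [a for a in _as_list(stmt.get("Action", [])) if a != "lambda:InvokeFunction"]
        if extra:
            reasons.append("actions beyond InvokeFunction: " + ", ".join(extra))
        if reasons:
            findings[stmt.get("Sid", f"statement-{index}")] = reasons
    return findings

def scan_region(region):
    """Steps 1-2 of the strategy; needs boto3 and AWS credentials (not run offline)."""
    import boto3
    client = boto3.client("lambda", region_name=region)
    exposed = {}
    for page in client.get_paginator("list_functions").paginate():
        for fn in page["Functions"]:
            try:
                policy = client.get_policy(FunctionName=fn["FunctionName"])["Policy"]
            except client.exceptions.ResourceNotFoundException:
                continue  # no resource-based policy attached to this function
            if findings := find_exposed_statements(policy):
                exposed[fn["FunctionName"]] = findings
    return exposed
```

Only the "public" and "broad" statements are reported; the "scoped" statement is accepted because its principal is a single service and it is narrowed by a Condition.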