Lambda Unauthenticated Endpoint via Function URL Without Auth
Last updated on:
In this page
About the rule
Rule Type
Standard
Rule Description
Detects Lambda function URL creation with authType:NONE, exposing the function to unauthenticated access.
Severity
Critical
Rule Requirement
Criteria
Action1:
actionname = "New AWS Lambda Function URL Configuration Created" AND (REQUESTPARAMETERS contains "authType:NONE")
select Action1.CALLER,Action1.HOSTNAME,Action1.IPADDRESS,Action1.LOG_EVENT_NAME,Action1.SOURCE,Action1.SOURCE_REGION,Action1.REQUESTPARAMETERS
Detection
Execution Mode
realtime
Log Sources
AWS


