Lambda Unauthenticated Endpoint via Function URL Without Auth

Last updated on:

About the rule

Rule Type

Standard

Rule Description

Detects Lambda function URL creation with authType:NONE, exposing the function to unauthenticated access.

Severity

Critical

Rule Requirement

Criteria

Action1: actionname = "New AWS Lambda Function URL Configuration Created" AND (REQUESTPARAMETERS contains "authType:NONE") select Action1.CALLER,Action1.HOSTNAME,Action1.IPADDRESS,Action1.LOG_EVENT_NAME,Action1.SOURCE,Action1.SOURCE_REGION,Action1.REQUESTPARAMETERS

Detection

Execution Mode

realtime

Log Sources

AWS