Lambda risks

Every couple years I find myself needing to brush up on the risks and threat model of AWS Lambda.

This is an index of security considerations. It excludes web application risks like authentication and authorization. It focuses on attack vectors, and as a result skips CI/CD concerns like the risks of Lambda Layers.

Attackers targeting a Lambda can:

  1. backdoor it, given RCE
  2. retrieve the source, given RCE
  3. retrieve environment variables, given a file read vulnerability or SSRF (with the file: protocol). This includes IAM credentials for the Lambda and event data.
  4. given permission to invoke the function, view its logs
  5. generate a fork bomb
  6. abuse a low concurrency limit by causing a DoS
  7. abuse a high concurrency limit by causing a Denial of Wallet attack
  8. cause a DoS by exhausting disk capacity (i.e tmp)
  9. cause a DoS by exhausting API limits
  10. monetize an RCE via cryptomining (note: there is a GuardDuty detection, but it will not function if the Lambda is not attached to a VPC)
  11. pivot via shared or over-privileged IAM roles
  12. access data cross-process exposed in /tmp during warm start invocations
  13. exfiltrate the account id via get-caller-identity and attack outside-in