Lambda Functions must have an associated tag

Tags are key-value pairs that you attach to AWS resources to better organize them. They are particularly useful when you have many resources of the same type, which in the case of AWS Lambda is a function. With tags, customers with hundreds of Lambda functions can easily access and analyze a specific set by filtering on those that carry the same tag. Two key advantages of tagging your Lambda functions are grouping and filtering, and cost allocation.

Risk Level: Low
Cloud Entity: AWS Lambda
CloudGuard Rule ID: D9.AWS.AS.03
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

Lambda should have tags

REMEDIATION

From Portal

  1. Navigate to: https://console.aws.amazon.com/lambda/home#/functions.
  2. Choose the name of a function.
  3. Choose Configuration, and then choose Tags.
  4. Under Tags, choose Manage tags.
  5. Choose Add new tag, and then enter a Key and an optional Value. To add more tags, repeat this step.
  6. Choose Save.

From TF

resource "aws_lambda_function" "test" {
	runtime = "nodejs12.x"
	
	+ tags = {
		+   Name = "TAG_NAME"
	+ }
}
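For the Terraform route, the same rule can be checked before apply by reading the plan JSON. The script below is an added example, not CloudGuard's or Spectral's own logic; the resource addresses and the `plan.json` file name are made up, and the sample plan is constructed and trimmed to the fields the check reads.

```python
import json
import sys

RESOURCE_TYPE = "aws_lambda_function"

# Constructed sample, trimmed to the fields `terraform show -json` emits
# under resource_changes; addresses and tag values are made up.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_lambda_function.tagged", "type": RESOURCE_TYPE,
     "change": {"actions": ["create"],
                "after": {"tags": {"Name": "TAG_NAME"}, "tags_all": {"Name": "TAG_NAME"}}}},
    {"address": "aws_lambda_function.no_tags", "type": RESOURCE_TYPE,
     "change": {"actions": ["create"], "after": {"tags": None, "tags_all": {}}}},
    {"address": "aws_lambda_function.default_only", "type": RESOURCE_TYPE,
     "change": {"actions": ["update"],
                "after": {"tags": None, "tags_all": {"CostCenter": "1234ABCD"}}}},
    {"address": "aws_lambda_function.retired", "type": RESOURCE_TYPE,
     "change": {"actions": ["delete"], "after": None}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["create"], "after": {"tags": None, "tags_all": {}}}},
    {"address": "aws_lambda_function.unknown", "type": RESOURCE_TYPE,
     "change": {"actions": ["create"], "after": {"tags": None},
                "after_unknown": {"tags_all": True}}},
]}


def untagged_lambdas(plan):
    """Return addresses of Lambda functions the plan leaves without any tag."""
    failing = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != RESOURCE_TYPE or change.get("actions") == ["delete"]:
            continue  # other resource types and pure deletions are out of scope
        if change.get("after_unknown", {}).get("tags_all") is True:
            continue  # tags only known at apply time; the plan cannot decide
        after = change.get("after") or {}
        # tags_all merges resource tags with the provider's default_tags
        if not (after.get("tags_all") or after.get("tags")):
            failing.append(rc["address"])
    return failing


if __name__ == "__main__":
    # Usage: terraform show -json plan.out > plan.json; python check.py plan.json
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    findings = untagged_lambdas(plan)
    for address in findings:
        print(f"untagged Lambda function: {address}")
    sys.exit(1 if findings else 0)
```

The non-zero exit status on a finding lets a CI job fail the plan stage before an untagged function is created.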

From CLI

To add tags to an existing function, use the tag-resource command.

aws lambda tag-resource --resource arn:aws:lambda:us-east-2:123456789012:function:my-function --tags Department=Marketing,CostCenter=1234ABCD

To remove tags, use the untag-resource command.

aws lambda untag-resource --resource arn:aws:lambda:us-east-1:123456789012:function:my-function --tag-keys Department

References

  1. https://docs.aws.amazon.com/lambda/latest/dg/configuration-tags.html

AWS Lambda

AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume - there is no charge when your code is not running.

With Lambda, you can run code for virtually any type of application or backend service - all with zero administration. Just upload your code and Lambda takes care of everything required to run and scale your code with high availability. You can set up your code to automatically trigger from other AWS services or call it directly from any web or mobile app.

Compliance Frameworks

  • AWS CCPA Framework
  • AWS CloudGuard Best Practices
  • AWS CloudGuard CheckUp
  • AWS CloudGuard SOC2 based on AICPA TSC 2017
  • AWS HITRUST
  • AWS HITRUST v11.0.0
  • AWS ISO 27001:2013
  • AWS ISO27001:2022
  • AWS ITSG-33
  • AWS MAS TRM Framework
  • AWS NIST 800-53 Rev 5
  • CloudGuard AWS All Rules Ruleset