AWS Lambda function URL AuthType set to NONE
Description
This policy identifies AWS Lambda functions which have function URL AuthType set to NONE. AuthType determines how Lambda authenticates or authorises requests to your function URL. When AuthType is set to NONE, Lambda doesn't perform any authentication before invoking your function. It is highly recommended to set AuthType to AWS_IAM for Lambda function URL to authenticate via AWS IAM.
Code Example
```diff
resource "aws_lambda_function_url" "pass" {
function_name = aws_lambda_function.test.function_name
qualifier = "my_alias"
- authorization_type = "None"
+ authorization_type = "AWS_IAM"
}
```

Remediation
Terraform
To fix this issue, set the `authorization_type` argument of the `aws_lambda_function_url` resource to `AWS_IAM` instead of `NONE`, so that requests to the function URL are authenticated through IAM.
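The same condition can be checked against a rendered plan before apply. The following is an added example, not Checkov's or this rule's own implementation: it assumes the JSON produced by `terraform show -json`, the function name `function_urls_without_iam_auth` is hypothetical, and the sample plan is constructed.

```python
import json

# Constructed sample: trimmed output of `terraform show -json plan.out`.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_lambda_function_url.public",
     "type": "aws_lambda_function_url",
     "change": {"actions": ["create"],
                "after": {"function_name": "test", "authorization_type": "NONE"}}},
    {"address": "module.api.aws_lambda_function_url.signed",
     "type": "aws_lambda_function_url",
     "change": {"actions": ["update"],
                "after": {"function_name": "api", "authorization_type": "AWS_IAM"}}},
    {"address": "aws_lambda_function_url.retired",
     "type": "aws_lambda_function_url",
     "change": {"actions": ["delete"], "after": null}},
    {"address": "aws_lambda_function.test",
     "type": "aws_lambda_function",
     "change": {"actions": ["no-op"], "after": {"function_name": "test"}}}
  ]
}
""")


def function_urls_without_iam_auth(plan):
    """Return addresses of function URLs the plan does not set to AWS_IAM."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_lambda_function_url":
            continue
        after = (rc.get("change") or {}).get("after")
        if after is None:  # resource is being destroyed; nothing remains to flag
            continue
        auth = after.get("authorization_type")
        # A value only known at apply time is absent from "after"; flag it for review.
        if not isinstance(auth, str) or auth.upper() != "AWS_IAM":
            findings.append(rc["address"])
    return findings


if __name__ == "__main__":
    for address in function_urls_without_iam_auth(SAMPLE_PLAN):
        print(f"FAIL {address}: authorization_type is not AWS_IAM")
```

Because it reads `resource_changes`, the check also covers function URLs declared inside modules.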
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0306 |
| Severity | MEDIUM |
| IaC Type | Cloudformation |
| Frameworks | Terraform, CloudFormation |
| Checkov ID | CKV_AWS_258 |