AWS Lambda functions with tracing not enabled
Description
X-Ray tracing in lambda functions allows you to visualize and troubleshoot errors and performance bottlenecks, and investigate requests that resulted in an error.
Code Example
go
tracing_config {
mode = "Active"
}Remediation
- AWS Console*
To change the policy using the AWS Console, follow these steps:
. Log in to the AWS Management Console at https://console.aws.amazon.com/.
. Open the https://console.aws.amazon.com/lambda/ [Amazon Lambda console].
. Open the function to modify.
. Click the * Configuration* tab.
. Open the * Monitoring and operations tools* on the left side.
. Click * Edit*.
. Enable * Active tracing* for AWS X-ray.
. Click * Save*.
- CLI Command*
To enable X-Ray tracing for a function, use the following command:
aws lambda update-function-configuration --function-name MY_FUNCTION
--tracing-config Mode=Active
=== Fix - Buildtime
Terraform
Add the following block to a Terraform Lambda resource to add X-Ray tracing:
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0104 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_50 |