Runtime of Lambda is deprecated

Description

This policy checks that the runtime configured for a Lambda function is not deprecated. Lambda is an AWS service that lets you run your code without provisioning or managing servers. A runtime in this context is the programming language environment in which your code executes.

Using deprecated runtimes can be problematic for several reasons. Deprecated runtimes may no longer receive security updates, leaving your code vulnerable to newly discovered security threats. Additionally, deprecated runtimes might not support the latest language features, and can result in compatibility issues with other software in your stack. Using outdated runtimes can also lead to increased maintenance costs and technical debt as the runtime becomes further out of date.

Code Example

resource "aws_lambda_function" "lambda_function" {
  ...
-  runtime  = "nodejs8.10" 
+  runtime  = "nodejs18.x"
}

Remediation

Terraform

  • Resource: aws_lambda_function
  • Arguments: runtime

To fix this issue, you must define your AWS Lambda function with a current, supported runtime. Deprecated runtimes are not maintained and may contain vulnerabilities.
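
The check described on this page, as an added example (not Checkov's or this rule's own implementation): it scans Terraform source for `aws_lambda_function` resources and classifies each `runtime` argument. The deprecated-runtime set, the resource names and `var.runtime` are constructed for illustration.

```python
import re

# Constructed, non-exhaustive sample; not Checkov's list. Source it from AWS docs.
DEPRECATED_RUNTIMES = {
    "nodejs4.3", "nodejs6.10", "nodejs8.10", "nodejs10.x", "nodejs12.x",
    "python2.7", "python3.6", "ruby2.5", "dotnetcore2.1",
}
RESOURCE_RE = re.compile(r'resource\s+"aws_lambda_function"\s+"([^"]+)"\s*\{')
RUNTIME_RE = re.compile(r'^[ \t]*runtime[ \t]*=[ \t]*(\S+)', re.MULTILINE)

def block_body(text, start):
    """Return the resource body that begins just after its opening brace."""
    depth = 1
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i]
    return text[start:]  # unterminated block: scan what is present

def check_lambda_runtimes(hcl):
    """Return [(resource_name, runtime, status)] for every Lambda function."""
    findings = []
    for res in RESOURCE_RE.finditer(hcl):
        name, match = res.group(1), RUNTIME_RE.search(block_body(hcl, res.end()))
        if match is None:  # e.g. container-image functions set no runtime
            findings.append((name, None, "NO_RUNTIME"))
        elif (lit := re.fullmatch(r'"([^"$]+)"', match.group(1))) is None:
            findings.append((name, match.group(1), "UNRESOLVED"))  # variable/expression
        else:
            status = "FAILED" if lit.group(1) in DEPRECATED_RUNTIMES else "PASSED"
            findings.append((name, lit.group(1), status))
    return findings

# Constructed Terraform input; resource names and var.runtime are hypothetical.
SAMPLE_TF = '''
resource "aws_lambda_function" "legacy" {
  runtime = "nodejs8.10"
  environment { variables = { STAGE = "prod" } }
}
resource "aws_lambda_function" "current" {
  runtime = "nodejs18.x"
}
resource "aws_lambda_function" "templated" {
  runtime = var.runtime
}
'''

if __name__ == "__main__":
    print(*check_lambda_runtimes(SAMPLE_TF), sep="\n")
```

An `UNRESOLVED` finding means the runtime is set through a variable or expression, so it has to be evaluated against the Terraform plan, where the value is already substituted.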

Assuming you had originally defined your Lambda function with a deprecated runtime using Terraform, like the following:

Rule Details

| Field | Value |
|---|---|
| ID | IAC-0410 |
| Severity | MEDIUM |
| IaC Type | Cloudformation |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_363 |
