- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
This control ensures that none of your Lambda functions are attached to a highly-privileged execution role. Reducing privileges for these roles minimizes security risks and potential vulnerabilities in your AWS environment.
Note: Lambda execution roles are the preferred way to grant Lambda functions access to AWS APIs. However, associating a function with a privileged IAM role is risky because an attacker, exploiting an application-level vulnerability, could compromise your entire AWS account.
Lambda functions typically do not require privileged IAM roles. It is recommended to reduce the permissions attached to the execution role. You can use AWS Access Advisor to identify the effective permissions used by your Lambda functions and use AWS IAM Access Analyzer to generate an IAM policy based on past CloudTrail events.