Lambda function policies should not allow wildcard principals
Description
Lambda function resource policies should not grant access to wildcard principals (Principal: "*") without scoping conditions. An unconditional wildcard principal allows any AWS account or unauthenticated user to access the resource, creating a significant security risk. Wildcard principals scoped by policy conditions (such as aws:SourceAccount, aws:SourceArn, or aws:PrincipalOrgID) are not flagged, because the condition restricts effective access.
Remove or restrict resource-based policy statements that grant access to wildcard principals. Alternatively, add scoping conditions that restrict access. For guidance, refer to Using resource-based policies for Lambda.
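The check described above can be sketched as follows. This is an added example, not the rule's own implementation: the function names and the sample policy are constructed here, and the set of scoping keys and accepted operators is an assumption built from the three condition keys this page names.

```python
import json

# Condition keys this page names as scoping a wildcard principal. The page says
# "such as", so treating this set as complete is an assumption.
SCOPING_KEYS = {"aws:sourceaccount", "aws:sourcearn", "aws:principalorgid"}
# Assumption: only positive match operators narrow access to a known set.
POSITIVE_OPS = {"stringequals", "stringlike", "arnequals", "arnlike"}

# Constructed sample policy; the account ID is a placeholder.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "OpenInvoke", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunction", "Resource": "*"},
    {"Sid": "ScopedToAccount", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "lambda:InvokeFunction", "Resource": "*",
     "Condition": {"StringEquals": {"aws:SourceAccount": "111122223333"}}},
    {"Sid": "WildcardCondition", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunction", "Resource": "*",
     "Condition": {"ArnLike": {"AWS:SourceArn": "*"}}},
]})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    """True for Principal: "*" and for map forms such as {"AWS": "*"}."""
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def has_scoping_condition(condition):
    """True if a positive operator tests a scoping key against a non-"*" value."""
    for operator, tests in (condition or {}).items():
        if operator.split(":")[-1].lower() not in POSITIVE_OPS:
            continue  # negated, Null and IfExists forms are not counted as scoping
        for key, values in tests.items():
            if key.lower() in SCOPING_KEYS and "*" not in _as_list(values):
                return True
    return False

def unscoped_wildcard_statements(policy_json):
    """Return Sids of Allow statements with an unconditioned wildcard principal."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if (stmt.get("Effect") == "Allow"
                and is_wildcard_principal(stmt.get("Principal"))
                and not has_scoping_condition(stmt.get("Condition"))):
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings
```

On the sample, `OpenInvoke` and `WildcardCondition` are reported; the second shows that a condition whose value is itself `*` does not restrict effective access.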