github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/lambda/AVD-AWS-0067/CloudFormation.md (about)

Always provide a source ARN for Lambda permissions

```yaml
---
Resources:
  GoodExample:
    Type: AWS::Lambda::Function
    Properties:
      Handler: index.handler
      Role: arn:aws:iam::123456789012:role/lambda-role
      Code:
        S3Bucket: my-bucket
        S3Key: function.zip
      Runtime: nodejs12.x
      Timeout: 5
      TracingConfig:
        Mode: Active
      VpcConfig:
        SecurityGroupIds:
          - sg-085912345678492fb
        SubnetIds:
          - subnet-071f712345678e7c8
          - subnet-07fd123456788a036
  GoodPermission:
    Type: AWS::Lambda::Permission
    Properties:
      # Reference the function defined in this template
      FunctionName: !Ref GoodExample
      Action: lambda:InvokeFunction
      Principal: s3.amazonaws.com
      # SourceArn must be the ARN of the resource allowed to invoke the function
      # (example bucket ARN; the service principal belongs in Principal)
      SourceArn: arn:aws:s3:::my-bucket
```
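An added example, not part of defsec or of this page: a static check that flags `AWS::Lambda::Permission` resources granting a service principal invoke rights with no `SourceArn`, which leaves the function invokable by any resource of that service. The template, its logical IDs and the function names are constructed for illustration, and the template is assumed to be already parsed into a dict (JSON form, so intrinsics appear as `{"Ref": ...}`).

```python
# Constructed template (already parsed, JSON-style dict); all names are hypothetical.
BASE = {"FunctionName": {"Ref": "Fn"}, "Action": "lambda:InvokeFunction"}


def _perm(**props):
    """Build a sample AWS::Lambda::Permission resource."""
    return {"Type": "AWS::Lambda::Permission", "Properties": {**BASE, **props}}


TEMPLATE = {"Resources": {
    "Fn": {"Type": "AWS::Lambda::Function", "Properties": {"Handler": "index.handler"}},
    "NoSource": _perm(Principal="s3.amazonaws.com"),
    "EmptySource": _perm(Principal="s3.amazonaws.com", SourceArn=""),
    "Scoped": _perm(Principal="s3.amazonaws.com", SourceArn="arn:aws:s3:::my-bucket"),
    "FromRef": _perm(Principal="sns.amazonaws.com", SourceArn={"Ref": "Topic"}),
    "AccountPrincipal": _perm(Principal="123456789012"),
}}


def permissions_missing_source_arn(template):
    """Return sorted logical IDs of Lambda permissions that grant a service
    principal access without a SourceArn limiting which resource may invoke."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Lambda::Permission":
            continue
        props = res.get("Properties", {})
        principal = props.get("Principal")
        # Only literal service principals (e.g. s3.amazonaws.com) are in scope;
        # account IDs and unresolved intrinsics are skipped by this check.
        if not (isinstance(principal, str) and principal.endswith(".amazonaws.com")):
            continue
        source_arn = props.get("SourceArn")
        # A dict is an intrinsic such as Ref/Fn::GetAtt and counts as provided.
        missing = source_arn is None or (
            isinstance(source_arn, str) and not source_arn.strip()
        )
        if missing:
            findings.append(name)
    return sorted(findings)


if __name__ == "__main__":
    print(permissions_missing_source_arn(TEMPLATE))
```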