11
Resources
107
Total Findings
143
Rules Executed
15
Unique Rules
0
Suppressed
6.451s
Timespent
Summary
Filter
UseArmArchitecture
Performance Efficiency- Description
- 11 of your Lambda function(s) are not using arm64 architecture. Lambda functions that use arm64 architecture (AWS Graviton2 processor) can achieve significantly better price and performance than the equivalent function running on x86_64 architecture. Consider using arm64 for compute-intensive applications such as high-performance computing, video encoding, and simulation workloads.
- Resources
- ap-southeast-1: Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::webScrapNew | Lambda::webScrapper | Lambda::isengard-create-inventory-association | Lambda::testFunction | Lambda::isengard-set-default-instance-role | Lambda::isengard-set-default-patch-baseline
- us-east-1: Lambda::isengard-set-default-instance-role | Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::isengard-set-default-patch-baseline | Lambda::isengard-create-inventory-association
- Label
- Testing Required
- Recommendation
- Advantages of using arm64
lambdaEnhancedMonitoringDisabled
Operation Excellence- Description
- Enhanced Monitoring: Enhanced Monitoring is disabled for 11 of your Lambda functions. Enabled enhanced monitoring to better monitor, troubleshoot and optimize functions.
- Resources
- ap-southeast-1: Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::webScrapNew | Lambda::webScrapper | Lambda::isengard-create-inventory-association | Lambda::testFunction | Lambda::isengard-set-default-instance-role | Lambda::isengard-set-default-patch-baseline
- us-east-1: Lambda::isengard-set-default-instance-role | Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::isengard-set-default-patch-baseline | Lambda::isengard-create-inventory-association
- Label
- Cost Incurred
- Recommendation
- Using Lambda Insights in Amazon CloudWatch
lambdaCMKEncryptionDisabled
Security- Description
- Customer Managed Key: CMK is not enabled for 11 of your Lambda funciton. Enable CMK to enjoy a more granular control over the data encryption and decryption process.
- Resources
- ap-southeast-1: Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::webScrapNew | Lambda::webScrapper | Lambda::isengard-create-inventory-association | Lambda::testFunction | Lambda::isengard-set-default-instance-role | Lambda::isengard-set-default-patch-baseline
- us-east-1: Lambda::isengard-set-default-instance-role | Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::isengard-set-default-patch-baseline | Lambda::isengard-create-inventory-association
- Recommendation
- Lambda securing environment variables
lambdaCodeSigningDisabled
Security- Description
- Code Signing: Code Signing has not been enabled for 11 of your Lambda. Enable Code Signing to ensure only trusted code run in your Lambda functions
- Resources
- ap-southeast-1: Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::webScrapNew | Lambda::webScrapper | Lambda::isengard-create-inventory-association | Lambda::testFunction | Lambda::isengard-set-default-instance-role | Lambda::isengard-set-default-patch-baseline
- us-east-1: Lambda::isengard-set-default-instance-role | Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::isengard-set-default-patch-baseline | Lambda::isengard-create-inventory-association
- Label
- Testing Required
- Recommendation
- Configuring code signing for AWS Lambda
lambdaReservedConcurrencyDisabled
Performance Efficiency- Description
- Provisioned Concurrency: Provisioned Concurrency is disabled for 11 of your Lambda function. Enable provision concurrency to improve Lambda scaling performance.
- Resources
- ap-southeast-1: Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::webScrapNew | Lambda::webScrapper | Lambda::isengard-create-inventory-association | Lambda::testFunction | Lambda::isengard-set-default-instance-role | Lambda::isengard-set-default-patch-baseline
- us-east-1: Lambda::isengard-set-default-instance-role | Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::isengard-set-default-patch-baseline | Lambda::isengard-create-inventory-association
- Label
- Testing Required Cost Incurred
- Recommendation
- Configuring provisioned concurrency
lambdaRoleReused
Security- Description
- Execution Role Reused: 8 of your Lambda function is having the same execution role. Please create isolated execution role to provide least privilege permission to the Lambda function.
- Resources
- ap-southeast-1: Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::isengard-create-inventory-association | Lambda::isengard-set-default-instance-role | Lambda::isengard-set-default-patch-baseline
- us-east-1: Lambda::isengard-set-default-instance-role | Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::isengard-set-default-patch-baseline | Lambda::isengard-create-inventory-association
- Label
- Testing Required
- Recommendation
- Lambda execution role
lambdaNotInUsed30Days
Operation Excellence- Description
- Function not in used: 11 of your Lambda is not invoked in past 30 days. Remove unused function to maintain up-to-date environment and control costs
- Resources
- ap-southeast-1: Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::webScrapNew | Lambda::webScrapper | Lambda::isengard-create-inventory-association | Lambda::testFunction | Lambda::isengard-set-default-instance-role | Lambda::isengard-set-default-patch-baseline
- us-east-1: Lambda::isengard-set-default-instance-role | Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::isengard-set-default-patch-baseline | Lambda::isengard-create-inventory-association
- Recommendation
- API to delete Lambda
lambdaTracingDisabled
Operation Excellence- Description
- Tracing: Tracing feature is diabled for 11 of your Lambda function. Enable tracing for better visibility of execution and performance of functions.
- Resources
- ap-southeast-1: Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::webScrapNew | Lambda::webScrapper | Lambda::isengard-create-inventory-association | Lambda::testFunction | Lambda::isengard-set-default-instance-role | Lambda::isengard-set-default-patch-baseline
- us-east-1: Lambda::isengard-set-default-instance-role | Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::isengard-set-default-patch-baseline | Lambda::isengard-create-inventory-association
- Label
- Cost Incurred
- Recommendation
- Using AWS Lambda with AWS X-Ray
lambdaRuntimeUpdate
Security- Description
- Runtime Update Available: New runtime version available for 11 of your Lambda. Please update your Lambda runtime to enjoy the latest features and patches.
- Resources
- ap-southeast-1: Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::webScrapNew | Lambda::webScrapper | Lambda::isengard-create-inventory-association | Lambda::testFunction | Lambda::isengard-set-default-instance-role | Lambda::isengard-set-default-patch-baseline
- us-east-1: Lambda::isengard-set-default-instance-role | Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::isengard-set-default-patch-baseline | Lambda::isengard-create-inventory-association
- Label
- Have Downtime Testing Required
- Recommendation
- Lambda runtimes
lambdaDeadLetterQueueDisabled
Operation Excellence- Description
- Dead Letter Queue: Dead Letter Queue (DLQ) has not been enabled for 11 of your Lambda. Enable DLQ to send unprocessed events to SQS or SNS topic.
- Resources
- ap-southeast-1: Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::webScrapNew | Lambda::webScrapper | Lambda::isengard-create-inventory-association | Lambda::testFunction | Lambda::isengard-set-default-instance-role | Lambda::isengard-set-default-patch-baseline
- us-east-1: Lambda::isengard-set-default-instance-role | Lambda::isengard-create-vpc-endpoints-for-ssm | Lambda::isengard-set-default-patch-baseline | Lambda::isengard-create-inventory-association
- Label
- Testing Required Cost Incurred
- Recommendation
- Dead Letter Queue Configuration
Detail
ap-southeast-1
1. isengard-create-vpc-endpoints-for-ssm
| Check | Current Value | Recommendation |
|---|---|---|
| UseArmArchitecture | x86_64 | Use Arm64 Architecture |
| lambdaEnhancedMonitoringDisabled | Disabled | Enhanced Monitoring Disabled |
| lambdaCMKEncryptionDisabled | Disabled | Customer Managed Key Not In Used |
| lambdaCodeSigningDisabled | Disabled | Code Signing Disabled |
| lambdaReservedConcurrencyDisabled | Disabled | Provisioned Concurrency Disabled |
| lambdaRoleReused | arn:aws:iam::961319563195:role/isengard-patching-actions-function-role-ap-southeast-1 | Execution Role Reused |
| lambdaNotInUsed30Days | Function not in used for 30 days | |
| lambdaTracingDisabled | Disabled | Tracing Disabled |
| lambdaRuntimeUpdate | python3.10 | Runtime Update Available |
| lambdaDeadLetterQueueDisabled | Disabled | Dead Letter Queue Disabled |
2. webScrapNew
| Check | Current Value | Recommendation |
|---|---|---|
| UseArmArchitecture | x86_64 | Use Arm64 Architecture |
| lambdaEnhancedMonitoringDisabled | Disabled | Enhanced Monitoring Disabled |
| lambdaCMKEncryptionDisabled | Disabled | Customer Managed Key Not In Used |
| lambdaCodeSigningDisabled | Disabled | Code Signing Disabled |
| lambdaRuntimeUpdate | nodejs12.x | Runtime Update Available |
| lambdaTracingDisabled | Disabled | Tracing Disabled |
| lambdaReservedConcurrencyDisabled | Disabled | Provisioned Concurrency Disabled |
| lambdaDeadLetterQueueDisabled | Disabled | Dead Letter Queue Disabled |
| lambdaNotInUsed30Days | Function not in used for 30 days |
3. webScrapper
| Check | Current Value | Recommendation |
|---|---|---|
| UseArmArchitecture | x86_64 | Use Arm64 Architecture |
| lambdaEnhancedMonitoringDisabled | Disabled | Enhanced Monitoring Disabled |
| lambdaCMKEncryptionDisabled | Disabled | Customer Managed Key Not In Used |
| lambdaCodeSigningDisabled | Disabled | Code Signing Disabled |
| lambdaRuntimeUpdate | nodejs14.x | Runtime Update Available |
| lambdaTracingDisabled | Disabled | Tracing Disabled |
| lambdaReservedConcurrencyDisabled | Disabled | Provisioned Concurrency Disabled |
| lambdaDeadLetterQueueDisabled | Disabled | Dead Letter Queue Disabled |
| lambdaNotInUsed30Days | Function not in used for 30 days |
4. isengard-create-inventory-association
| Check | Current Value | Recommendation |
|---|---|---|
| UseArmArchitecture | x86_64 | Use Arm64 Architecture |
| lambdaEnhancedMonitoringDisabled | Disabled | Enhanced Monitoring Disabled |
| lambdaCMKEncryptionDisabled | Disabled | Customer Managed Key Not In Used |
| lambdaCodeSigningDisabled | Disabled | Code Signing Disabled |
| lambdaRoleReused | arn:aws:iam::961319563195:role/isengard-patching-actions-function-role-ap-southeast-1 | Execution Role Reused |
| lambdaRuntimeUpdate | python3.10 | Runtime Update Available |
| lambdaTracingDisabled | Disabled | Tracing Disabled |
| lambdaReservedConcurrencyDisabled | Disabled | Provisioned Concurrency Disabled |
| lambdaNotInUsed30Days | Function not in used for 30 days | |
| lambdaDeadLetterQueueDisabled | Disabled | Dead Letter Queue Disabled |
5. testFunction
| Check | Current Value | Recommendation |
|---|---|---|
| UseArmArchitecture | x86_64 | Use Arm64 Architecture |
| lambdaEnhancedMonitoringDisabled | Disabled | Enhanced Monitoring Disabled |
| lambdaCMKEncryptionDisabled | Disabled | Customer Managed Key Not In Used |
| lambdaCodeSigningDisabled | Disabled | Code Signing Disabled |
| lambdaRuntimeUpdate | nodejs12.x | Runtime Update Available |
| lambdaTracingDisabled | Disabled | Tracing Disabled |
| lambdaReservedConcurrencyDisabled | Disabled | Provisioned Concurrency Disabled |
| lambdaDeadLetterQueueDisabled | Disabled | Dead Letter Queue Disabled |
| lambdaNotInUsed30Days | Function not in used for 30 days |
6. isengard-set-default-instance-role
| Check | Current Value | Recommendation |
|---|---|---|
| UseArmArchitecture | x86_64 | Use Arm64 Architecture |
| lambdaEnhancedMonitoringDisabled | Disabled | Enhanced Monitoring Disabled |
| lambdaCMKEncryptionDisabled | Disabled | Customer Managed Key Not In Used |
| lambdaCodeSigningDisabled | Disabled | Code Signing Disabled |
| lambdaRoleReused | arn:aws:iam::961319563195:role/isengard-patching-actions-function-role-ap-southeast-1 | Execution Role Reused |
| lambdaRuntimeUpdate | python3.10 | Runtime Update Available |
| lambdaTracingDisabled | Disabled | Tracing Disabled |
| lambdaReservedConcurrencyDisabled | Disabled | Provisioned Concurrency Disabled |
| lambdaNotInUsed30Days | Function not in used for 30 days | |
| lambdaDeadLetterQueueDisabled | Disabled | Dead Letter Queue Disabled |
7. isengard-set-default-patch-baseline
| Check | Current Value | Recommendation |
|---|---|---|
| UseArmArchitecture | x86_64 | Use Arm64 Architecture |
| lambdaEnhancedMonitoringDisabled | Disabled | Enhanced Monitoring Disabled |
| lambdaCMKEncryptionDisabled | Disabled | Customer Managed Key Not In Used |
| lambdaCodeSigningDisabled | Disabled | Code Signing Disabled |
| lambdaRoleReused | arn:aws:iam::961319563195:role/isengard-patching-actions-function-role-ap-southeast-1 | Execution Role Reused |
| lambdaRuntimeUpdate | python3.10 | Runtime Update Available |
| lambdaTracingDisabled | Disabled | Tracing Disabled |
| lambdaReservedConcurrencyDisabled | Disabled | Provisioned Concurrency Disabled |
| lambdaDeadLetterQueueDisabled | Disabled | Dead Letter Queue Disabled |
| lambdaNotInUsed30Days | Function not in used for 30 days |
us-east-1
8. isengard-set-default-instance-role
| Check | Current Value | Recommendation |
|---|---|---|
| UseArmArchitecture | x86_64 | Use Arm64 Architecture |
| lambdaEnhancedMonitoringDisabled | Disabled | Enhanced Monitoring Disabled |
| lambdaCMKEncryptionDisabled | Disabled | Customer Managed Key Not In Used |
| lambdaCodeSigningDisabled | Disabled | Code Signing Disabled |
| lambdaReservedConcurrencyDisabled | Disabled | Provisioned Concurrency Disabled |
| lambdaRoleReused | arn:aws:iam::961319563195:role/isengard-patching-actions-function-role-us-east-1 | Execution Role Reused |
| lambdaRuntimeUpdate | python3.10 | Runtime Update Available |
| lambdaTracingDisabled | Disabled | Tracing Disabled |
| lambdaDeadLetterQueueDisabled | Disabled | Dead Letter Queue Disabled |
| lambdaNotInUsed30Days | Function not in used for 30 days |
9. isengard-create-vpc-endpoints-for-ssm
| Check | Current Value | Recommendation |
|---|---|---|
| UseArmArchitecture | x86_64 | Use Arm64 Architecture |
| lambdaEnhancedMonitoringDisabled | Disabled | Enhanced Monitoring Disabled |
| lambdaCMKEncryptionDisabled | Disabled | Customer Managed Key Not In Used |
| lambdaCodeSigningDisabled | Disabled | Code Signing Disabled |
| lambdaRoleReused | arn:aws:iam::961319563195:role/isengard-patching-actions-function-role-us-east-1 | Execution Role Reused |
| lambdaRuntimeUpdate | python3.10 | Runtime Update Available |
| lambdaTracingDisabled | Disabled | Tracing Disabled |
| lambdaNotInUsed30Days | Function not in used for 30 days | |
| lambdaDeadLetterQueueDisabled | Disabled | Dead Letter Queue Disabled |
| lambdaReservedConcurrencyDisabled | Disabled | Provisioned Concurrency Disabled |
10. isengard-set-default-patch-baseline
| Check | Current Value | Recommendation |
|---|---|---|
| UseArmArchitecture | x86_64 | Use Arm64 Architecture |
| lambdaEnhancedMonitoringDisabled | Disabled | Enhanced Monitoring Disabled |
| lambdaCMKEncryptionDisabled | Disabled | Customer Managed Key Not In Used |
| lambdaCodeSigningDisabled | Disabled | Code Signing Disabled |
| lambdaDeadLetterQueueDisabled | Disabled | Dead Letter Queue Disabled |
| lambdaRoleReused | arn:aws:iam::961319563195:role/isengard-patching-actions-function-role-us-east-1 | Execution Role Reused |
| lambdaRuntimeUpdate | python3.10 | Runtime Update Available |
| lambdaTracingDisabled | Disabled | Tracing Disabled |
| lambdaNotInUsed30Days | Function not in used for 30 days | |
| lambdaReservedConcurrencyDisabled | Disabled | Provisioned Concurrency Disabled |
11. isengard-create-inventory-association
| Check | Current Value | Recommendation |
|---|---|---|
| UseArmArchitecture | x86_64 | Use Arm64 Architecture |
| lambdaEnhancedMonitoringDisabled | Disabled | Enhanced Monitoring Disabled |
| lambdaCMKEncryptionDisabled | Disabled | Customer Managed Key Not In Used |
| lambdaCodeSigningDisabled | Disabled | Code Signing Disabled |
| lambdaDeadLetterQueueDisabled | Disabled | Dead Letter Queue Disabled |
| lambdaRoleReused | arn:aws:iam::961319563195:role/isengard-patching-actions-function-role-us-east-1 | Execution Role Reused |
| lambdaRuntimeUpdate | python3.10 | Runtime Update Available |
| lambdaTracingDisabled | Disabled | Tracing Disabled |
| lambdaNotInUsed30Days | Function not in used for 30 days | |
| lambdaReservedConcurrencyDisabled | Disabled | Provisioned Concurrency Disabled |