AWS Lambda Security

When:Wed PM-1
OrganizersGiorgio Bonfiglio Giorgio Bonfiglio , James Wharton James Wharton
ParticipantsAndrew Johnstone Andrew Johnstone , John Killilea John Killilea , Vladimir Voskresenskiy Vladimir Voskresenskiy , Jaimen Lathia Jaimen Lathia , Chris Allen Chris Allen , Simon Pavillon Simon Pavillon , Stephen de Vries Stephen de Vries , Mario Platt Mario Platt , Aurelijus Stanislovaitis Aurelijus Stanislovaitis , Daniel Garcia (cr0hn) Daniel Garcia (cr0hn) , Francois Raynaud Francois Raynaud , Gabor Pek Gabor Pek , Giorgio Bonfiglio Giorgio Bonfiglio , Imran Mohammed A Imran Mohammed A , Paul Dubourg Paul Dubourg , Stu Hirst Stu Hirst , Thomas Franceschini Thomas Franceschini , Wayne Moore Wayne Moore
Remote ParticipantsAbhi Raj Abhi Raj , Anton Delsink Anton Delsink , Barbara Prevel Barbara Prevel , Lubo Vikev Lubo Vikev , Madhu Akula Madhu Akula , Mohanish Mahajan Mohanish Mahajan , Mustaqiim Muhar Mustaqiim Muhar , Sergio Issi Sergio Issi , Vandana Verma Vandana Verma


Because AWS Lambda lets us run code without provisioning or managing servers. What security risks are in place?


  • How to do security reviews on code running on AWS Lambda?
  • How to add Security to DevOps practices?
  • How to detect malicious functions?
  • What features are missing?
  • Are users aware of existing features?


AWS Lambda Security Cheatsheet AWS Lambda Security To-Do scripts AWS Lambda Security Checklist


The target audience for this Working Session is:

  • AWS Security team
  • AWS Lambda developers
  • AWS Lamba users

Working materials

Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions)

Previous Summit Working Session