SEC 2: How do you manage your Serverless application’s security boundaries?

Defining and securing your Serverless application’s boundaries ensures isolation for, within, and between components.

Resources

Understanding AWS IAM Resource Policies
Understanding how AWS Organization Service Control Policies work

Best Practices:

  • Evaluate and define resource policies
  • Use temporary credentials between resources and components
  • Design smaller, single purpose functions
  • Control network traffic at all layers

Improvement Plan

Evaluate and define resource policies

  • Understand and determine what resource policies are necessary.
  • Implement resource policies to prevent unauthorized access.

Use temporary credentials between resources and components

  • Use dynamic authentication (short-lived credentials issued to a role) when accessing components and managed services, rather than long-lived access keys.

Design smaller, single purpose functions

  • Create single purpose functions, each with its own IAM role.
  • Use least privilege access policies with your users and roles.
  • Audit the permissions actually used and remove unnecessary permissions where applicable.

Control network traffic at all layers

  • Use networking controls to enforce access patterns.
  • Use detective tools to audit your traffic.
  • Block network access when required.
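The resource-policy and least-privilege items above both come down to reading policy documents for the patterns that widen a boundary. The following Python script is an added example, not code from the Serverless Lens or from AWS: it audits an IAM identity policy (the execution role of a single-purpose function) and a resource policy (on a queue the function talks to) and flags wildcard actions and resources, NotAction, public principals with no Condition, and service principals that are not pinned with aws:SourceArn or aws:SourceAccount (the confused-deputy case). All account IDs, ARNs, bucket, queue, topic and function names are constructed placeholders.

```python
"""Audit IAM policy documents for least-privilege and boundary problems.

Added example; not part of the AWS Well-Architected Serverless Lens.
The policy documents below are constructed for illustration: account IDs,
ARNs, bucket, queue, topic and function names are placeholders.
"""
from __future__ import annotations

import json
from typing import Any

# Condition keys that pin a service principal to a specific caller.
SOURCE_KEYS = {"aws:sourcearn", "aws:sourceaccount"}


def _as_list(value: Any) -> list:
    """IAM accepts a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_entries(principal: Any) -> list[tuple[str, str]]:
    """Flatten Principal into (kind, value) pairs.

    Accepts "*", {"AWS": "arn..."}, {"AWS": ["..."]}, {"Service": "..."}.
    Identity policies have no Principal element and yield an empty list.
    """
    if principal is None:
        return []
    if isinstance(principal, str):
        return [("*" if principal == "*" else "AWS", principal)]
    return [(kind, v) for kind, vals in principal.items() for v in _as_list(vals)]


def _has_source_condition(conditions: dict) -> bool:
    """True if any condition key is aws:SourceArn or aws:SourceAccount."""
    return any(
        key.lower() in SOURCE_KEYS
        for key_map in conditions.values()
        for key in key_map
    )


def audit_statement(stmt: dict) -> list[str]:
    """Return human-readable findings for one statement (Allow only)."""
    if stmt.get("Effect") != "Allow":
        return []  # Deny statements only narrow access
    sid = stmt.get("Sid", "<no Sid>")
    findings: list[str] = []
    if "NotAction" in stmt:
        findings.append(f"{sid}: NotAction allows everything not listed")
    for action in _as_list(stmt.get("Action")):
        if action == "*" or action.endswith(":*"):
            findings.append(f"{sid}: wildcard action {action!r}")
    for resource in _as_list(stmt.get("Resource")):
        if resource == "*":
            findings.append(f"{sid}: wildcard resource '*'")
    # Principal only appears in resource policies. Two boundary failures:
    # public access, and a service principal any account could drive.
    conditions = stmt.get("Condition") or {}
    for kind, value in _principal_entries(stmt.get("Principal")):
        if value == "*" and not conditions:
            findings.append(f"{sid}: public principal '*' with no Condition")
        elif kind == "Service" and not _has_source_condition(conditions):
            findings.append(
                f"{sid}: service principal {value} without aws:SourceArn/"
                "aws:SourceAccount condition (confused deputy)"
            )
    return findings


def audit_policy(policy: dict | str) -> list[str]:
    """Audit a whole policy document given as a dict or a JSON string."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    return [f for s in _as_list(doc.get("Statement")) for f in audit_statement(s)]


# --- Constructed sample documents (placeholders, not real resources) -------

# A shared "do everything with S3" execution role: what a single-purpose
# function should never carry.
OVERBROAD_ROLE = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AllS3", "Effect": "Allow",
                   "Action": "s3:*", "Resource": "*"}],
}

# Scoped to what the hypothetical process-orders function actually does.
LEAST_PRIVILEGE_ROLE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadIncoming", "Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-orders-bucket/incoming/*"},
        {"Sid": "WriteLogs", "Effect": "Allow",
         "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": "arn:aws:logs:us-east-1:123456789012:"
                     "log-group:/aws/lambda/process-orders:*"},
    ],
}

# Queue policy that lets SNS deliver messages but never says which topic,
# so a topic in any AWS account can write into the queue.
WEAK_QUEUE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "SnsToQueue", "Effect": "Allow",
                   "Principal": {"Service": "sns.amazonaws.com"},
                   "Action": "sqs:SendMessage",
                   "Resource": "arn:aws:sqs:us-east-1:123456789012:orders-queue"}],
}

# Same grant, pinned to one topic with aws:SourceArn.
HARDENED_QUEUE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "SnsToQueue", "Effect": "Allow",
                   "Principal": {"Service": "sns.amazonaws.com"},
                   "Action": "sqs:SendMessage",
                   "Resource": "arn:aws:sqs:us-east-1:123456789012:orders-queue",
                   "Condition": {"ArnEquals": {"aws:SourceArn":
                       "arn:aws:sns:us-east-1:123456789012:orders-topic"}}}],
}

if __name__ == "__main__":
    for name, doc in [("overbroad role", OVERBROAD_ROLE),
                      ("least-privilege role", LEAST_PRIVILEGE_ROLE),
                      ("weak queue policy", WEAK_QUEUE_POLICY),
                      ("hardened queue policy", HARDENED_QUEUE_POLICY)]:
        findings = audit_policy(doc)
        print(f"{name}: {'OK' if not findings else ''}")
        for f in findings:
            print("  -", f)
```

The script reads policy documents you export yourself (for example the JSON returned by `aws iam get-role-policy` or `aws sqs get-queue-attributes`) and is deliberately conservative: it flags structure, not intent, so a wildcard that is genuinely required still shows up and must be justified rather than silently accepted. Pairing its output with the "last accessed" data from IAM Access Analyzer is how you close the audit loop the improvement plan asks for.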