Control: AWS > Lambda > Function > Policy > Trusted Access

Take an action when AWS Lambda function policy is not trusted based on the AWS > Lambda > Function > Policy > Trusted Access > * policies.

The Trusted Access control evaluates the function policy against the list of allowed members in each of the Trusted Access sub-policies (Trusted Access > Accounts, Trusted Access > Services etc.), this control raises an alarm and takes the defined enforcement action.

The account that owns the function will always be trusted, even if its account ID is not included in the Trusted Accounts policy.

If set to Enforce: Revoke untrusted access, access to non-trusted members will be removed.

Resource Types

This control targets the following resource types:

AWS > Lambda > Function

Policies

The following policies can be used to configure this control:

AWS > Lambda > Function > Policy > Trusted Access

This control type relies on these other policies when running actions:

Permissions

Cloud permissions used by this control and its actions:

lambda:RemovePermission

In Your Workspace

Developers

Control Type URI

tmod:@turbot/aws-lambda#/control/types/functionPolicyTrustedAccess

Category URI

tmod:@turbot/turbot#/control/categories/securityTrustedAccess

GraphQL

query controlType(id: "tmod:@turbot/aws-lambda#/control/types/functionPolicyTrustedAccess") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-lambda#/control/types/functionPolicyTrustedAccess'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-lambda#/control/types/functionPolicyTrustedAccess"