Check for deprecated lambda runtimes in AWS #8103
Comments
|
To fully automate that check with Custodian, my first thought would be adding an (As far as I can tell, other ways of having more dynamic policies would require Custodian to crawl AWS docs or hardcode runtime status/deprecation timelines... which feels like a recipe for trouble) |
|
Hi AJ, Could you please advise which filter to use under aws.account? "service-limit" doesn't do the trick as this particular check comes under security category in trusted advisor. |
|
I think the directly looking at the runtimes is correct per the policy running against lambda is correct, and then update the policy periodically. this list doesn't change that often (like 1-2 times a year if). alternatively scrape the aws docs for deprecated as a json data file your policy can use, or ask your tam for a machine readable list or lambda api call / attribute re deprecated. |
|
Thanks Kapil. So there is no way to get trusted advisor check result using custodian for this particular scenario ? |
Describe the feature
Hi All,
Currently, only way to check for deprecated Lambda runtimes in our AWS account using an API call is a Trusted Advisor check(Business or Enterprise Edition). Otherwise we have to check manually on the console or on this documentation page https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html
A policy like the one below can be written but it would require the runtimes to be updated manually from time to time:
resource: aws.lambda
description: "Lambda-Deprecated-Runtimes"
filters:
key: Runtime
value: [python3.9 ,python2.7, dotnetcore2.1, ruby2.5, nodejs10.x, nodejs8.10 ,nodejs4.3 ,nodejs6.10 ,dotnetcore1.0 ,dotnetcore2.0 ,nodejs4.3-edge ,nodejs]
op: in
It would be helpful if this check can be fully automated using Cloud Custodian.
Extra information or context
No response
The text was updated successfully, but these errors were encountered: