🛡️ AWS Lambda Function Runtime is deprecated🟢

Contextual name: 🛡️ Function Runtime is deprecated🟢
ID: /ce/ca/aws/lambda/function-runtime
Tags:
- 🟢 Policy with categories
- 🟢 Policy with type
- 🟢 Production policy
Policy Type: COMPLIANCE_POLICY
Policy Categories: RELIABILITY

Logic

🧠 prod.logic.yaml🟢
- 📗 AWS Lambda Function
- 🔌 AWS Lambda Function - object.extracts.yaml
- 🧪 test-data.json

Similar Policies

AWS Security Hub: [Lambda.2] Lambda functions should use supported runtimes
Cloud Conformity: Lambda Using Supported Runtime Environment

Description

Description

This policy identifies AWS Lambda Functions that are using runtimes which AWS has designated as deprecated.

AWS Lambda supports multiple runtimes for various programming languages. Each runtime is tied to a specific version of the programming language and underlying operating system. When a language or operating system reaches its end of life (EOL), AWS deprecates the associated Lambda runtime.

Rationale

Using deprecated runtimes introduces significant security and operational risks. Deprecated runtimes no longer receive security patches for the programming language or the underlying operating system. In addition, AWS may restrict the creation of new functions or updates to existing functions that rely on deprecated runtimes. New Lambda features, SDK updates, and AWS service integrations may also be incompatible with older runtimes.

Maintaining supported, up-to-date runtimes helps ensure that serverless applications remain secure, reliable, and fully supported by AWS.

Impact

Known vulnerabilities in outdated language versions or operating system libraries will remain unpatched, increasing the risk of exploitation by malicious actors.

... see more

Remediation

Open File

Remediation

Migrate the Lambda Function to a Supported Runtime

When an AWS Lambda runtime is deprecated, AWS blocks the creation of new functions and the updating of existing functions that use the deprecated runtime shortly after deprecation. As a result, remediation typically requires creating a new Lambda function using a supported runtime.

From Command Line
Review the list of supported AWS Lambda runtimes and select the appropriate target runtime version: https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtimes-supported

Update the function code to be compatible with the selected runtime. This may include modifying language syntax, replacing deprecated APIs, and updating third-party dependencies or Lambda layers.
Create a new Lambda function using the updated code and a supported runtime:
aws lambda create-function \
    --function-name {{new-function-name}} \
    --runtime {{latest-runtime-version}} \
... see more

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Compliance
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Lambda.2] Lambda functions should use supported runtimes			1	no data
💼 Cloudaware Framework → 💼 Infrastructure Modernization			21	no data
💼 FedRAMP High Security Controls → 💼 CM-2 Baseline Configuration (L)(M)(H)	3	1	47	no data
💼 FedRAMP High Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H)	2	7	23	no data
💼 FedRAMP High Security Controls → 💼 SI-2(2) Automated Flaw Remediation Status (M)(H)			8	no data
💼 FedRAMP Low Security Controls → 💼 CM-2 Baseline Configuration (L)(M)(H)			45	no data
💼 FedRAMP Low Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H)			23	no data
💼 FedRAMP Moderate Security Controls → 💼 CM-2 Baseline Configuration (L)(M)(H)	3		47	no data
💼 FedRAMP Moderate Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H)	2		23	no data
💼 FedRAMP Moderate Security Controls → 💼 SI-2(2) Automated Flaw Remediation Status (M)(H)			8	no data
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations			45	no data
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties			59	no data
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities			60	no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-9(1) Internal System Connections _ Compliance Checks			54	no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-2 Baseline Configuration	7		46	no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-2 Flaw Remediation	6	6	20	no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-2(2) Flaw Remediation _ Automated Flaw Remediation Status		1	8	no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-2(4) Flaw Remediation _ Automated Patch Management Tools			8	no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-2(5) Flaw Remediation _ Automatic Software and Firmware Updates		2	8	no data
💼 PCI DSS v4.0.1 → 💼 12.3.4 Hardware and software technologies in use are reviewed at least once every 12 months.			1	no data
💼 PCI DSS v4.0 → 💼 12.3.4 Hardware and software technologies in use are reviewed at least once every 12 months.			1	no data

Logic​

Similar Policies​

Description​

Description​

Rationale​

Impact​

Remediation​

Remediation​

Migrate the Lambda Function to a Supported Runtime​

From Command Line​

policy.yaml​

Linked Framework Sections​

Logic

Similar Policies

Description

Description

Rationale

Impact

Remediation

Remediation

Migrate the Lambda Function to a Supported Runtime

From Command Line

policy.yaml

Linked Framework Sections