Description
This policy identifies AWS Lambda Functions that are using runtimes which AWS has designated as deprecated.
AWS Lambda supports multiple runtimes for various programming languages. Each runtime is tied to a specific version of the programming language and underlying operating system. When a language or operating system reaches its end of life (EOL), AWS deprecates the associated Lambda runtime.
Rationale
Using deprecated runtimes introduces significant security and operational risks. A deprecated runtime no longer receives security patches for the language interpreter or the underlying operating system image, so vulnerabilities disclosed after the deprecation date stay exploitable in every function that still uses it. AWS also applies its deprecation policy in phases: first it blocks the creation of new functions on the runtime, then, after a further grace period, it blocks configuration and code updates to existing functions that use it, which can leave a team unable to ship a fix. New Lambda features, SDK updates, and AWS service integrations may also be incompatible with older runtimes.
Maintaining supported, up-to-date runtimes helps ensure that serverless applications remain secure, reliable, and fully supported by AWS.
Impact
Known vulnerabilities in outdated language versions or operating system libraries will remain unpatched, increasing the risk of exploitation by malicious actors.
Remediation requires migrating affected functions to a supported runtime version, which may involve updating application code to align with changes in language syntax, dependencies, or runtime behavior.
Audit
This policy flags an AWS Lambda Function as INCOMPLIANT when the Runtime field indicates a runtime that AWS has marked as deprecated.
Lambda Functions deployed using container images (PackageType of Image) are marked as INAPPLICABLE: the language runtime is baked into the image rather than selected through the Runtime field, so the policy cannot evaluate it. Such functions should be covered separately by scanning the image base layer.
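The following is an added example, not part of the policy text, showing how the audit logic above can be applied to function configurations in the shape returned by the Lambda ListFunctions API. The DEPRECATED_RUNTIMES set is an illustrative snapshot assumed for this example and is not exhaustive; refresh it from the AWS Lambda runtimes documentation before relying on it. The sample inventory is constructed, and the audit_live_account helper assumes AWS credentials and a region are available in the environment.

```python
"""Evaluate Lambda function configurations against a deprecated-runtime list.

Added example, not part of the policy text or an AWS tool.
"""
import json

# Illustrative snapshot (an assumption for this example) of runtimes AWS has
# deprecated. It is not exhaustive and will go stale: refresh it from the
# Lambda runtimes documentation before using it for a real audit.
DEPRECATED_RUNTIMES = frozenset({
    "python2.7", "python3.6", "python3.7", "python3.8",
    "nodejs", "nodejs4.3", "nodejs4.3-edge", "nodejs6.10", "nodejs8.10",
    "nodejs10.x", "nodejs12.x", "nodejs14.x", "nodejs16.x",
    "dotnetcore1.0", "dotnetcore2.0", "dotnetcore2.1", "dotnetcore3.1", "dotnet6",
    "ruby2.5", "ruby2.7", "go1.x", "java8",
})

INCOMPLIANT = "INCOMPLIANT"
COMPLIANT = "COMPLIANT"
INAPPLICABLE = "INAPPLICABLE"


def evaluate(config: dict) -> str:
    """Classify one function configuration as the policy describes.

    `config` has the shape of an item from lambda:ListFunctions or
    GetFunctionConfiguration: container-image functions carry
    PackageType == "Image" and no Runtime; zip functions carry Runtime.
    """
    if config.get("PackageType") == "Image":
        # The runtime lives inside the image and the Runtime field is absent,
        # so the policy cannot judge it and marks the function INAPPLICABLE.
        return INAPPLICABLE
    runtime = config.get("Runtime")
    if runtime is None:
        # Defensive: a zip function always has Runtime. Treat a missing value
        # as INAPPLICABLE rather than silently passing it as compliant.
        return INAPPLICABLE
    if runtime in DEPRECATED_RUNTIMES:
        return INCOMPLIANT
    return COMPLIANT


def audit(functions: list[dict]) -> dict[str, list[str]]:
    """Group function names by verdict, sorted for stable reports."""
    report = {INCOMPLIANT: [], COMPLIANT: [], INAPPLICABLE: []}
    for fn in functions:
        report[evaluate(fn)].append(fn["FunctionName"])
    for verdict in report:
        report[verdict].sort()
    return report


# Constructed sample inventory (not real account data), mirroring the
# fields ListFunctions returns.
SAMPLE_FUNCTIONS = [
    {"FunctionName": "legacy-etl", "PackageType": "Zip", "Runtime": "python3.7"},
    {"FunctionName": "api-handler", "PackageType": "Zip", "Runtime": "python3.12"},
    {"FunctionName": "old-webhook", "PackageType": "Zip", "Runtime": "nodejs14.x"},
    {"FunctionName": "image-worker", "PackageType": "Image"},
]


def audit_live_account() -> dict[str, list[str]]:
    """Pull real configurations with boto3 and run the same evaluation.

    boto3 is imported lazily so the constructed sample runs offline. Assumes
    credentials and a region are configured in the environment.
    """
    import boto3
    client = boto3.client("lambda")
    functions = []
    for page in client.get_paginator("list_functions").paginate():
        functions.extend(page["Functions"])
    return audit(functions)


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_FUNCTIONS), indent=2))
```

Running the sample prints legacy-etl and old-webhook under INCOMPLIANT, api-handler under COMPLIANT and image-worker under INAPPLICABLE. Because the runtime list drives every verdict, treat it as policy data: keep it version-controlled and refresh it when AWS announces a new deprecation, otherwise the check will quietly report freshly deprecated runtimes as compliant.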