🛡️ AWS Lambda Function X-Ray Tracing is not enabled🟢
- Contextual name: 🛡️ Function X-Ray Tracing is not enabled🟢
- ID: /ce/ca/aws/lambda/function-tracing
- Tags:
  - 🟢 Policy with categories
  - 🟢 Policy with type
  - 🟢 Production policy
- Policy Type: COMPLIANCE_POLICY
- Policy Categories: RELIABILITY
Logic
- 🧠 prod.logic.yaml🟢
Similar Policies
- Cloud Conformity: Tracing Enabled
Description
This policy identifies AWS Lambda functions that do not have active tracing with AWS X-Ray enabled. When enabled, Lambda sends trace data to X-Ray for all incoming requests, allowing you to visualize the complete lifecycle of a request as it flows through your function and other integrated AWS services.
Rationale
Enabling X-Ray tracing provides a detailed view of your serverless application's execution, including latency within the Lambda function and calls to downstream services. This visibility helps identify the root cause of errors, timeouts, or performance bottlenecks by showing where failures occur in the request chain. Tracing also reveals service interactions and unintended dependencies, enabling more effective debugging and performance optimization.
Audit
This policy flags an AWS Lambda Function as INCOMPLIANT if the Tracing Config Response Mode field is set to PassThrough.
Remediation
Enable Active X-Ray Tracing
Active tracing allows Lambda to send trace data to X-Ray for all incoming requests, providing full visibility into request execution and interactions with downstream services.
From Command Line
Ensure the Lambda function has permission to upload trace data to X-Ray. Attach the AWSXRayDaemonWriteAccess managed IAM policy to the function's execution role:
```sh
aws iam attach-role-policy \
  --role-name {{function-execution-role}} \
  --policy-arn "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess"
```
Enable active tracing on the Lambda function:
```sh
aws lambda update-function-configuration \
  --function-name {{function-name}} \
  --tracing-config Mode=Active
```
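The audit rule and the two remediation steps above can be applied across an account in one pass. The following is an added example, not part of the original policy or its logic file: it reads JSON shaped like the output of `aws lambda list-functions` and `aws iam list-attached-role-policies` and returns the commands still needed. The sample data, function names and account ID are constructed, and the check only looks for the managed policy named above, so a role that grants X-Ray write access through an inline or custom policy would still be listed.

```python
import json

XRAY_POLICY_ARN = "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess"

# Constructed sample shaped like `aws lambda list-functions --output json`.
SAMPLE_FUNCTIONS = json.loads("""
{"Functions": [
  {"FunctionName": "orders-api", "Role": "arn:aws:iam::111122223333:role/orders-exec",
   "TracingConfig": {"Mode": "Active"}},
  {"FunctionName": "thumbnailer", "Role": "arn:aws:iam::111122223333:role/service-role/thumb-exec",
   "TracingConfig": {"Mode": "PassThrough"}},
  {"FunctionName": "nightly-report", "Role": "arn:aws:iam::111122223333:role/orders-exec",
   "TracingConfig": {"Mode": "PassThrough"}}
]}
""")

# Constructed sample: role name -> PolicyArn values as returned by
# `aws iam list-attached-role-policies --role-name <role>`.
SAMPLE_ATTACHED = {
    "orders-exec": [XRAY_POLICY_ARN],
    "thumb-exec": ["arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"],
}


def role_name(role_arn):
    """--role-name takes the bare name, so drop the ARN prefix and any path."""
    return role_arn.rsplit("/", 1)[-1]


def plan_remediation(listing, attached):
    """Return CLI commands for every function whose tracing mode is PassThrough."""
    commands = []
    for fn in listing.get("Functions", []):
        if fn.get("TracingConfig", {}).get("Mode") != "PassThrough":
            continue  # not flagged by the audit rule
        role = role_name(fn["Role"])
        attach = (f"aws iam attach-role-policy --role-name {role} "
                  f'--policy-arn "{XRAY_POLICY_ARN}"')
        # Attach once per role, and only when the managed policy is missing.
        if XRAY_POLICY_ARN not in attached.get(role, []) and attach not in commands:
            commands.append(attach)
        commands.append("aws lambda update-function-configuration "
                        f"--function-name {fn['FunctionName']} --tracing-config Mode=Active")
    return commands


if __name__ == "__main__":
    print("\n".join(plan_remediation(SAMPLE_FUNCTIONS, SAMPLE_ATTACHED)))
```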