0

Just wonder if I still need to take care firewall, IPS/IDS, Web Application Firewall when I run an app on AWS lambda.

Is there any difference about security from traditional EC2 instance?

Your comment welcome

user62414
  • 135
  • 1
  • 2
  • 6

1 Answers1

0

It runs your code and handles your data - it can be attacked, compromised, exploited and abused.

There are some mitigating factors, e.g. the short lifespan of the lambda environment, on the other hand if I manage to break into one lambda instance I can surely break into the next one too as they are all identical. Or the fact that it usually isn’t accessed directly but rather through an API gateway or similar. But these factors are just obstacles for the attacker, not in any way a full protection you should depend on.

So yes, you still need to think about security when designing a Lambda-based application, use WAF, IDS, etc.

MLu
  • 24,849
  • 5
  • 59
  • 86