Not an AWS created blog or tool this time. Rather one from PureSec!

If you are writing serverless applications using LAMBDA as a back end for your APIs this is a good addition to the tool kit to ensure the lambda function is viewed in a more granular fashion to appease the security people.

https://www.puresec.io/function-shield

From the site it can:

  • Disable outbound internet connectivity (except for AWS/Google Cloud resources) from the serverless runtime environment, if such connections are not required transfer    
  • Disable read/write on the /tmp/ directory, if such operations are not required execution (1)    
  • Disable child process execution, if such execution is not required by the function scode    
  • Disable read access to the function’s handler and  prevent source code leakage