Not an AWS-created blog or tool this time, but one from PureSec!
If you are writing serverless applications using Lambda as a back end for your APIs, this is a good addition to the toolkit to ensure the Lambda function is viewed in a more granular fashion to appease the security people.
According to the site, it can:
- Disable outbound internet connectivity (except for AWS/Google Cloud resources) from the serverless runtime environment, if such connections are not required
- Disable read/write on the /tmp/ directory, if such operations are not required
- Disable child process execution, if such execution is not required by the function
- Disable read access to the function’s handler and prevent source code leakage