Skip to content

Fix CRLY.01180: Set Concurrent Execution Limit for Lambda Functions#50

Open
curly-review[bot] wants to merge 1 commit intomasterfrom
curly/fix-crly.01180-cfn-lambda-core-functions-adc61f
Open

Fix CRLY.01180: Set Concurrent Execution Limit for Lambda Functions#50
curly-review[bot] wants to merge 1 commit intomasterfrom
curly/fix-crly.01180-cfn-lambda-core-functions-adc61f

Conversation

@curly-review
Copy link
Copy Markdown

@curly-review curly-review Bot commented May 2, 2025

Issue Details

ID: CRLY.01180
Severity: MEDIUM
File: sam/cfn/cfn-lambda-core-functions.yaml

Remediation Summary

Description

The security finding indicates that the AWS Lambda function talrReceptionistFunction does not have a function-level concurrent execution limit set. This can lead to potential resource exhaustion and increased costs if not managed properly.

Steps

  1. Update the CloudFormation Template:
    Add the ReservedConcurrentExecutions property under the Properties section of the talrReceptionistFunction.

  2. Set a Reasonable Limit:
    Choose a concurrent execution limit based on your application's needs. For example, if you want to limit the function to 100 concurrent executions, set ReservedConcurrentExecutions to 100.

Here is the updated YAML snippet:

    talrReceptionistFunction:
        Type: AWS::Serverless::Function
        Properties:
            FunctionName: talr-receptionist1
            Description: Validates account request and starts workflow
            Runtime: python2.7
            CodeUri: ../functions/talr-receptionist
            Handler: handler.handler
            MemorySize: 128
            Timeout: 30
            Role: !GetAtt iamCoreFunctionsRolesStack.Outputs.iamRoleArnLambdaTalrReceptionist
            ReservedConcurrentExecutions: 100  # Set your desired limit here
        Variables:
            TALR_TABLENAME_CBINFO: !GetAtt dynamodbTablesStack.Outputs.dynamodbTableNameTalrCbInfo
            TALR_TABLENAME_TASKSTATUS: !GetAtt dynamodbTablesStack.Outputs.dynamodbTableNameTalrTaskStatus
            TALR_TABLENAME_ACCOUNTINFO: !GetAtt dynamodbTablesStack.Outputs.dynamodbTableNameTalrAccountInfo
            STAGE: !Ref stage
  1. Deploy the Updated Template:
    Use your preferred CI/CD pipeline or AWS CLI to deploy the updated CloudFormation template.
aws cloudformation deploy --template-file sam/cfn/cfn-lambda-core-functions.yaml --stack-name your-stack-name --capabilities CAPABILITY_IAM

By following these steps, you will ensure that the talrReceptionistFunction has a function-level concurrent execution limit, improving the security and cost management of your AWS Lambda function.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants