BY KURT MARKO
FaaS could increase risk by adding attack surfaces that are unique to a particular function and not considered during application design.
For example, Lambda functions assume an AWS IAM role that controls the resources they can use, including items such as security keys for third-party APIs. If that role is not properly constrained, a function might have unintended access to databases, S3 buckets and other data, not to mention external SaaS or social network accounts that could be exploited should the function be compromised in an attack.
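As an added illustration (not from the article), the check below scans a Lambda execution role's policy document for the over-broad grants just described: wildcard actions such as `s3:*` or wildcard resources. The two policy documents, the bucket, table and log-group names, and the account id 123456789012 are constructed samples.

```python
import json

# Constructed sample: an execution role that grants the function far more than
# it needs (any S3 and DynamoDB action on any resource in the account).
OVERLY_BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["dynamodb:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "logs:CreateLogStream",
         "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/example:*"},
    ],
})

# Constructed sample: the same role scoped to the one bucket prefix and the one
# table the function actually touches, plus its own log group.
LEAST_PRIVILEGE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-bucket/uploads/*"},
        {"Effect": "Allow", "Action": ["dynamodb:GetItem", "dynamodb:PutItem"],
         "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/Orders"},
        {"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/example:*"},
    ],
})


def _as_list(value):
    # IAM allows Action/Resource/Statement to be a single string or a list.
    return value if isinstance(value, list) else [value]


def find_broad_grants(policy_json):
    """Return one finding per Allow statement that uses a wildcard action
    ("*" or "service:*") or a wildcard resource ("*"). Deny statements and
    NotAction/NotResource forms are out of scope for this simple check."""
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        wild_actions = [a for a in actions if a == "*" or a.endswith(":*")]
        wild_resources = [r for r in resources if r == "*"]
        if wild_actions or wild_resources:
            findings.append({"statement": idx, "wildcard_actions": wild_actions,
                             "wildcard_resources": wild_resources})
    return findings


if __name__ == "__main__":
    for name, doc in (("broad", OVERLY_BROAD_POLICY), ("scoped", LEAST_PRIVILEGE_POLICY)):
        print(name, find_broad_grants(doc))
```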
Similarly, functions used to handle web pages (forms, transactions) could be subject to DDoS attacks that could both disrupt the application and generate additional usage costs.
These risks can be mitigated by rate-limiting and blacklisting addresses identified as abusive using AWS WAF (Web Application Firewall); however, it’s an added step that can easily be overlooked.