Issue Details

ID: CRLY.01180
Severity: MEDIUM
File: pipeline/cfn-deploypipeline-s3.yaml

Remediation Summary

Description

The security finding indicates that the AWS Lambda function LambdaSlackNotify is not configured with a function-level concurrent execution limit. This can lead to potential performance issues and unexpected costs if the function is invoked too frequently.

Steps

1. Update the CloudFormation Template: Add the ConcurrentExecutionsLimit property under the Properties section of the LambdaSlackNotify function.

2. Set a Reasonable Limit: Choose a concurrent execution limit based on the expected workload and performance requirements. This limit should be high enough to handle the expected load but not so high as to cause performance degradation or excessive costs.

Here is the updated CloudFormation snippet with the concurrent execution limit set to 100:

    LambdaSlackNotify:
        Type: AWS::Serverless::Function
        Properties:
            Description: Sends CodePipeline events to Slack
            Runtime: python2.7
            CodeUri: ./functions/slack-notify
            Handler: handler.handler
            MemorySize: 128
            Timeout: 30
            Role: !GetAtt IamRoleLambdaSlackNotify.Arn
            Environment:
                Variables:
                    SLACK_CHANNEL_NAME:
                        !Ref SlackChannelName
                    SLACK_WEBHOOK_URL:
                        !Ref SlackWebhookUrl
                    SERVICE_NAME:
                        !Ref ServiceName
                    STAGE:
                        !Ref Stage
            ConcurrentExecutionsLimit: 100

3. Deploy the Updated Template: After updating the CloudFormation template, deploy it using your CI/CD pipeline or any other deployment method you use.

This will ensure that the Lambda function has a defined concurrent execution limit, improving both performance and cost management.