5 Common Security Pitfalls in Serverless Architectures

Serverless architecture removes much of the overhead cost tied to infrastructure, but it shifts security responsibilities toward code and permissions. Instead of managing servers, developers must focus on how functions interact and what they trust.

1. Over-Privileged IAM Roles

One of the most widespread issues in serverless security is the use of overly permissive identity and access management (IAM) roles, that is, granting functions more permissions than they actually need. The principle of least privilege (PoLP) is essential: each function should be allowed to access only the resources required to perform its task.

This article has been indexed from DZone Security Zone
