Description:

You can use versions to manage the deployment of your functions. For example, you can publish a new version of a function for beta testing without affecting users of the stable production version. Lambda creates a new version of your function each time that you publish the function. The new version is a copy of the unpublished version of the function.

A function version includes the following information:

  • The function code and all associated dependencies.

  • The Lambda runtime that invokes the function.

  • All of the function settings, including the environment variables.

  • A unique Amazon Resource Name (ARN) to identify the specific version of the function.

Rationale:

A config rule checks that all Lambda functions have at least one defined version and alias, and also ensures that no alias points to the $LATEST version.

Lambda versions are like git commits: they’re snapshots of your project history. Each version has a number that serves as its ID, starting with 1 and incrementing up.
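
The rule described in this Rationale can be evaluated per function as follows. This is an added example, not code from the original page or from AWS; the function names evaluate_function and fetch_and_evaluate and the sample data are assumptions made for illustration, and the input shapes follow the ListVersionsByFunction and ListAliases responses.

```python
LATEST = "$LATEST"


def evaluate_function(versions, aliases):
    """Apply the rule to one function.

    versions: entries shaped like ListVersionsByFunction "Versions"
    aliases:  entries shaped like ListAliases "Aliases"
    Returns (compliant, findings).
    """
    findings = []
    # The version list always contains the unpublished $LATEST entry,
    # so exclude it before counting published versions.
    published = [v["Version"] for v in versions if v["Version"] != LATEST]
    if not published:
        findings.append("no published version")
    if not aliases:
        findings.append("no alias defined")
    for alias in aliases:
        if alias["FunctionVersion"] == LATEST:
            findings.append(f"alias {alias['Name']} points to {LATEST}")
    return (not findings, findings)


def fetch_and_evaluate(function_name, client=None):
    """Collect both lists through boto3 paginators, then evaluate.

    Assumption: boto3 is installed and the caller is allowed
    lambda:ListVersionsByFunction and lambda:ListAliases.
    """
    if client is None:
        import boto3
        client = boto3.client("lambda")
    pages = client.get_paginator("list_versions_by_function").paginate(
        FunctionName=function_name)
    versions = [v for page in pages for v in page["Versions"]]
    pages = client.get_paginator("list_aliases").paginate(
        FunctionName=function_name)
    aliases = [a for page in pages for a in page["Aliases"]]
    return evaluate_function(versions, aliases)


# Constructed sample data (not real account output).
SAMPLE_VERSIONS = [{"Version": "$LATEST"}, {"Version": "1"}, {"Version": "2"}]
SAMPLE_ALIASES = [{"Name": "prod", "FunctionVersion": "1"},
                  {"Name": "beta", "FunctionVersion": "$LATEST"}]

if __name__ == "__main__":
    print(evaluate_function(SAMPLE_VERSIONS, SAMPLE_ALIASES))
```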


Impact:

AWS Lambda doesn't publish a version if the function's configuration and code haven't changed since the last version. Use UpdateFunctionCode or UpdateFunctionConfiguration to update the function before publishing a version. AWS never forces you to use versions, so it’s on you to publish new versions consistently.

Default Value:

The qualified ARN for each Lambda function version is unique. After you publish a version, you can't change the ARN or the function code.



Pre-requisites:

At least one Lambda function must already exist.


Remediation:

Audit:

  1. Sign in to the AWS Management Console.

  2. Navigate to AWS Lambda.

  3. Open the Functions page on the Lambda console.

  4. Choose the function whose code you want to check for versioning.

  5. On the versions configuration page, check the version of the current Lambda function.

  6. Open the Functions page on the Lambda console. Choose the name of a function. Verify that the function has at least two published versions. On the function configuration page, choose Qualifiers, and then choose the Versions tab to display the list of versions.


Implementation Steps:

Step 1: Sign in to the AWS Management Console.

Step 2: Navigate to AWS Lambda.

Step 3: Open the Functions page on the Lambda console.

Step 4: Choose the function whose code you want to check for versioning.

Step 5: On the versions configuration page, check the version of the current Lambda function. If the function is not version-enabled, click Publish new version, enter the version of your function, and click Save.

Step 6: If no Lambda function exists, click Create function.

Step 7: Fill in the basic information and change the default execution role.

Step 8: Click Create function.

Step 9: Edit the code.

Step 10: Click Actions and choose Publish new version.

Step 11: Click Actions and choose Create alias.

Using versions

You can reference your Lambda function using either a qualified ARN or an unqualified ARN.

  • Qualified ARN – The function ARN with a version suffix. The following example refers to version 42 of the helloworld function:

    arn:aws:lambda:aws-region:acct-id:function:helloworld:42

  • Unqualified ARN – The function ARN without a version suffix.

    arn:aws:lambda:aws-region:acct-id:function:helloworld

Using AWS CLI:

arn:aws:lambda:aws-region:acct-id:function:helloworld

Back out plan:

  • Lambda creates a new version of your function each time that you publish the function. 

  • If you do not want the new version, stop publishing new changes.
