Description:
You can use versions to manage the deployment of your functions. For example, you can publish a new version of a function for beta testing without affecting users of the stable production version. Lambda creates a new version of your function each time that you publish the function. The new version is a copy of the unpublished version of the function.
A function version includes the following information:
The function code and all associated dependencies.
The Lambda runtime that invokes the function.
All of the function settings, including the environment variables.
A unique Amazon Resource Name (ARN) to identify the specific version of the function.
Rationale:
This config rule checks that every Lambda function has at least one defined version and alias, and that no alias points to the $LATEST version.
Lambda versions are like git commits: they're snapshots of your project history. Each version has a number that serves as its ID, starting at 1 and incrementing with each publish.
Impact:
AWS Lambda doesn't publish a version if the function's configuration and code haven't changed since the last version. Use UpdateFunctionCode or UpdateFunctionConfiguration to update the function before publishing a version. AWS never forces you to use versions, so it's on you to publish new versions consistently.
Default Value:
The qualified ARN for each Lambda function version is unique. After you publish a version, you can't change the ARN or the function code.
Pre-requisites:
At least one Lambda function must already exist.
Remediation:
Audit:
Sign in to the AWS Management Console.
Navigate to AWS Lambda (amazon.com).
Open the Functions page on the Lambda console.
Choose the function whose versioning you want to check.
On the versions configuration page, check the version of the current Lambda function.
Open the Functions page on the Lambda console. Choose the name of a function. Verify that the function has at least two published versions. On the function configuration page, choose Qualifiers, and then choose the Versions tab to display the list of versions.
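The rule from the Rationale section can also be checked in code. The following is an added example, not part of the original page or of any AWS tooling: it evaluates data shaped like the ListVersionsByFunction and ListAliases responses. The names `beta-fn`, `orders`, `prod` and `dev` are constructed sample values, `collect` assumes the caller passes in a boto3 Lambda client, and `min_versions=2` matches the two published versions the audit step above asks for.

```python
# Added example: evaluates the versioning rule on Lambda API-shaped data.
LATEST = "$LATEST"

def evaluate_function(versions, aliases, min_versions=1):
    """Return findings for one function; an empty list means compliant.

    versions: "Versions" entries from ListVersionsByFunction (includes $LATEST)
    aliases:  "Aliases" entries from ListAliases
    """
    findings = []
    published = [v["Version"] for v in versions if v["Version"] != LATEST]
    if len(published) < min_versions:
        findings.append(f"{len(published)} published version(s), need {min_versions}")
    if not aliases:
        findings.append("no alias defined")
    for alias in aliases:
        if alias["FunctionVersion"] == LATEST:
            findings.append(f"alias {alias['Name']} points to {LATEST}")
    return findings

def collect(client, function_name):
    """Fetch versions and aliases through a boto3 Lambda client (assumed input)."""
    def pages(operation, key):
        paginator = client.get_paginator(operation)
        return [item for page in paginator.paginate(FunctionName=function_name)
                for item in page[key]]
    return pages("list_versions_by_function", "Versions"), pages("list_aliases", "Aliases")

# Constructed sample inventory; only "helloworld" is a name taken from the page.
SAMPLE = {
    "helloworld": ([{"Version": LATEST}, {"Version": "1"}, {"Version": "2"}],
                   [{"Name": "prod", "FunctionVersion": "2"}]),
    "beta-fn": ([{"Version": LATEST}], []),
    "orders": ([{"Version": LATEST}, {"Version": "1"}],
               [{"Name": "dev", "FunctionVersion": LATEST}]),
}

def audit(inventory, min_versions=1):
    """Map each non-compliant function name to its findings."""
    report = {}
    for name, (versions, aliases) in inventory.items():
        findings = evaluate_function(versions, aliases, min_versions)
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```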
Implementation Steps:
Step 1: Sign in to the AWS Management Console.
Step 2: Navigate to AWS Lambda (amazon.com).
Step 3: Open the Functions page on the Lambda console.
Step 4: Choose the function whose versioning you want to check.
Step 5: On the versions configuration page, check the version of the current Lambda function. If the function has no published version, click Publish new version, enter the version of your function, and click Save.
Step 6: If no Lambda function exists, click Create function.
Step 7: Fill in the basic information and change the default execution role.
Step 8: Click Create function.
Step 9: Edit the code.
Step 10: Click Actions and choose Publish new version.
Step 11: Click Actions and create an alias.
Using versions
You can reference your Lambda function using either a qualified ARN or an unqualified ARN.
Qualified ARN – The function ARN with a version suffix. The following example refers to version 42 of the helloworld function:
arn:aws:lambda:aws-region:acct-id:function:helloworld:42
Unqualified ARN – The function ARN without a version suffix.
arn:aws:lambda:aws-region:acct-id:function:helloworld
Using AWS CLI:
arn:aws:lambda:aws-region:acct-id:function:helloworld
Back out plan:
Lambda creates a new version of your function each time that you publish the function.
If you do not want the new version then stop publishing new changes.
Reference: