Profile Applicability:
Level 1
Description:
This control ensures that AWS Lambda functions using obsolete or deprecated runtimes are identified and remediated. AWS deprecates a runtime (for example Python 3.6, Node.js 12.x, or Java 8 on Amazon Linux 1) when the upstream language version reaches end of life. A function on a deprecated runtime keeps executing, but the language interpreter, its bundled libraries and the underlying Amazon Linux image no longer receive security patches or technical support from AWS. After the published "block function update" and "block function create" dates, the function can no longer be updated or recreated, so a later fix to the function's own code cannot be deployed without first migrating the runtime.
Rationale:
Deprecated Lambda runtimes expose functions to unpatched flaws in the interpreter, its standard library and the runtime's base image, to operational instability, and to non-compliance with security and governance frameworks. Identifying and upgrading these runtimes before the block dates keeps functions deployable, ensures continued compatibility with AWS services, and aligns with secure software lifecycle practices. Maintaining up-to-date runtimes supports compliance with CIS, SOC 2, ISO 27001, and NIST 800-53 requirements.
Impact:
Positive Impact: Improves function security, performance, and maintainability by ensuring all Lambda runtimes receive ongoing updates and patches.
Negative Impact: Requires testing and possibly refactoring function code when migrating to a newer runtime; dependencies with native extensions, and layers built for the old runtime, may need to be rebuilt for the new language version and its Amazon Linux base. This increases development effort temporarily.
Default Value:
AWS periodically deprecates older runtimes and applies minor patch updates within a supported runtime, but it never moves an existing function to a newer runtime version (for example from python3.8 to python3.12). Migration is the account owner's responsibility.
Pre-Requisite:
IAM permissions required: lambda:ListFunctions and lambda:GetFunctionConfiguration to audit; lambda:UpdateFunctionConfiguration to change the runtime; lambda:PublishVersion (and lambda:UpdateAlias where aliases are used) to create and use a backout point.
Awareness of currently supported Lambda runtimes, as listed in AWS documentation.
Test Plan:
Using AWS Console:
Sign in to the AWS Management Console.
Navigate to Lambda → Functions.
In the list view, check the Runtime column for each function.
Compare the listed runtime versions against the latest supported runtimes from the AWS Lambda Runtime Support Policy.
If any functions use deprecated or obsolete runtimes (e.g., Node.js 12.x, Python 3.6, Ruby 2.7, etc.), mark them as non-compliant. Functions deployed as container images show no runtime in this column; their base image must be reviewed separately and is outside the scope of this check.
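The console check above does not scale past a handful of functions. The following audit script is an added example and not part of the benchmark text: it reads the JSON that `aws lambda list-functions --output json` emits (the CLI paginates automatically, so one call covers a region), flags functions whose runtime identifier is on a deprecated list, and reports container-image functions separately instead of silently passing them. The deprecated-runtime set is an assumption fixed at time of writing and must be refreshed from the AWS Lambda runtime support policy before each audit; the sample data is constructed.

```python
"""Audit `aws lambda list-functions` output for deprecated runtimes.

Usage:  aws lambda list-functions --output json | python3 lambda_runtime_audit.py
Exit status 1 when any non-compliant function is found (useful in CI).
"""
import json
import sys

# ASSUMPTION: point-in-time denylist of Lambda runtime identifiers that AWS has
# deprecated. Refresh from the Lambda runtime support policy before each run.
DEPRECATED_RUNTIMES = {
    "python2.7", "python3.6", "python3.7", "python3.8",
    "nodejs12.x", "nodejs14.x", "nodejs16.x",
    "ruby2.5", "ruby2.7",
    "java8",
    "go1.x",
    "dotnetcore3.1", "dotnet6",
    "provided",
}


def classify_functions(functions, deprecated=DEPRECATED_RUNTIMES):
    """Sort function records into non-compliant, container-image and compliant.

    Container-image functions (PackageType == "Image") carry no Runtime key;
    their base image has to be checked elsewhere, so they are listed apart
    rather than counted as compliant by accident.
    """
    non_compliant, images, compliant = [], [], []
    for fn in functions:
        name = fn["FunctionName"]
        runtime = fn.get("Runtime")
        if fn.get("PackageType") == "Image" or runtime is None:
            images.append(name)
        elif runtime in deprecated:
            non_compliant.append((name, runtime))
        else:
            compliant.append(name)
    return {"non_compliant": non_compliant, "image": images, "compliant": compliant}


def audit(list_functions_json):
    """Parse the CLI's JSON document and classify the Functions array."""
    doc = json.loads(list_functions_json)
    return classify_functions(doc.get("Functions", []))


# Constructed sample standing in for real `aws lambda list-functions` output.
SAMPLE_LIST_FUNCTIONS = json.dumps({"Functions": [
    {"FunctionName": "orders-api", "Runtime": "nodejs12.x", "PackageType": "Zip"},
    {"FunctionName": "report-gen", "Runtime": "python3.12", "PackageType": "Zip"},
    {"FunctionName": "etl-worker", "PackageType": "Image"},
    {"FunctionName": "legacy-cron", "Runtime": "ruby2.7", "PackageType": "Zip"},
]})


if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LIST_FUNCTIONS
    result = audit(text)
    for name, runtime in result["non_compliant"]:
        print(f"NON-COMPLIANT  {name:<30} {runtime}")
    for name in result["image"]:
        print(f"CHECK IMAGE    {name:<30} (container image, no managed runtime)")
    print(f"{len(result['compliant'])} compliant, {len(result['non_compliant'])} non-compliant")
    sys.exit(1 if result["non_compliant"] else 0)
```

Run it once per region the account uses (`--region`), and treat every "CHECK IMAGE" line as a separate review item: AWS does not patch the language inside a customer-built container image.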
Implementation Plan:
Using AWS Console:
Identify Lambda functions using obsolete or soon-to-be-deprecated runtimes.
Review the function code and dependencies to ensure compatibility with the new runtime version.
Update the runtime by performing the following steps:
Navigate to Lambda → Functions and select the target function.
Publish a version first (Actions → Publish new version) so that an immutable copy of the current code and configuration exists as a backout point.
On the Code tab, scroll to Runtime settings and click Edit.
Choose the latest supported runtime for the language (e.g., Python 3.13, Node.js 22.x, Java 21, etc.) and confirm the handler value is still correct for the new runtime.
Click Save and wait for the function's last update status to show Successful.
Test the function to verify it performs as expected after the upgrade.
Optionally, implement automated checks so that deprecated runtimes are detected proactively: the AWS Config managed rule lambda-function-settings-check accepts a runtime parameter listing the approved runtime identifiers, and AWS Security Hub control Lambda.2 ("Lambda functions should use supported runtimes") flags functions on deprecated runtimes.
Backout Plan:
If the function fails to run properly after the upgrade, revert to the previously published version (repoint any alias at it, or redeploy its package and configuration to $LATEST). Setting the runtime field back to the deprecated value may be refused once that runtime has passed its block function update date, which is why the published version, not the runtime setting, is the reliable backout.
Review runtime migration documentation and dependency compatibility before retrying the upgrade.
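The implementation and backout steps above can be carried out as one scripted change so that the backout point always exists before anything is modified. The following is an added example, not code from the benchmark or from AWS: it publishes a version of the current function, switches the runtime on $LATEST, waits for the update, runs a smoke invocation, and either promotes the result (publishing a new version and, optionally, moving an alias to it) or reverts. Real runs use the boto3 Lambda client, whose calls (get_function_configuration, publish_version, update_function_configuration, the function_updated_v2 waiter, invoke, update_alias) are the ones shown; the StubLambda class is a constructed offline stand-in so the logic can be exercised without an AWS account, and the function name, runtime and alias values are assumed.

```python
"""Upgrade one Lambda function's runtime behind a published backout point.

Usage:  python3 lambda_runtime_upgrade.py FUNCTION_NAME NEW_RUNTIME
The boto3 client is injected, so the same function runs against StubLambda offline.
"""
import sys


def upgrade_runtime(lam, function_name, new_runtime, alias=None, smoke_payload=b"{}"):
    """Snapshot, switch runtime on $LATEST, wait, smoke-invoke, then promote or roll back.

    Returns a dict describing the outcome so callers and tests can act on it.
    """
    cfg = lam.get_function_configuration(FunctionName=function_name)
    old_runtime = cfg.get("Runtime")
    if old_runtime is None:  # PackageType == "Image": the runtime lives in the base image
        raise ValueError(f"{function_name} is a container-image function; rebuild its image instead")

    # Backout point: an immutable version of the pre-upgrade code and configuration.
    snapshot = lam.publish_version(FunctionName=function_name,
                                   Description=f"pre-upgrade ({old_runtime})")["Version"]

    lam.update_function_configuration(FunctionName=function_name, Runtime=new_runtime)
    lam.get_waiter("function_updated_v2").wait(FunctionName=function_name)

    # Smoke test $LATEST; an alias, if one is used, still points at the old version meanwhile.
    resp = lam.invoke(FunctionName=function_name, InvocationType="RequestResponse",
                      Payload=smoke_payload)
    result = {"function": function_name, "from": old_runtime, "to": new_runtime,
              "backout_version": snapshot}

    if resp.get("StatusCode") == 200 and "FunctionError" not in resp:
        new_version = lam.publish_version(FunctionName=function_name,
                                         Description=f"runtime {new_runtime}")["Version"]
        if alias:
            lam.update_alias(FunctionName=function_name, Name=alias, FunctionVersion=new_version)
        result.update(status="upgraded", version=new_version)
        return result

    # Smoke test failed. Try to put $LATEST back; AWS can refuse this once the old runtime
    # is past its block-function-update date, so the snapshot version is the backout that
    # always works (point the alias or callers at it). Report the refusal, do not mask it.
    result.update(status="rolled_back", error=resp.get("FunctionError", "non-200 status"))
    try:
        lam.update_function_configuration(FunctionName=function_name, Runtime=old_runtime)
        lam.get_waiter("function_updated_v2").wait(FunctionName=function_name)
        result["latest_reverted"] = True
    except Exception as exc:
        result["latest_reverted"] = False
        result["revert_error"] = str(exc)
    return result


class StubLambda:
    """Constructed offline stand-in for the boto3 Lambda client (no AWS calls)."""

    def __init__(self, runtime, smoke_fails=False):
        self.config = {"Runtime": runtime}
        self.versions = []          # published versions, 1-based like Lambda's
        self.alias_target = None
        self.smoke_fails = smoke_fails

    def get_function_configuration(self, FunctionName):
        return dict(self.config)

    def publish_version(self, FunctionName, Description=""):
        self.versions.append(dict(self.config, Description=Description))
        return {"Version": str(len(self.versions))}

    def update_function_configuration(self, FunctionName, **changes):
        self.config.update(changes)
        return dict(self.config)

    def get_waiter(self, name):
        return type("Waiter", (), {"wait": lambda self, **kw: None})()

    def invoke(self, FunctionName, InvocationType, Payload):
        if self.smoke_fails:
            return {"StatusCode": 200, "FunctionError": "Unhandled"}
        return {"StatusCode": 200}

    def update_alias(self, FunctionName, Name, FunctionVersion):
        self.alias_target = FunctionVersion


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: lambda_runtime_upgrade.py FUNCTION_NAME NEW_RUNTIME")
    import boto3  # imported here so the module loads offline without boto3 installed
    print(upgrade_runtime(boto3.client("lambda"), sys.argv[1], sys.argv[2]))
```

The smoke payload should be an input the function genuinely handles; an empty object only proves the runtime started. Where callers invoke through an alias, pass alias=... so traffic moves only after the smoke test passes and the pre-upgrade version remains one update-alias call away.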
References: