Tag: aws-python-sdk

Untrusted AMI images

Improper filtering of Amazon Machine Images (AMIs) can result in loading an untrusted image, a potential security vulnerability.

Set SNS Return Subscription ARN

To always return the subscription ARN, set the ReturnSubscriptionArn argument to True.

Missing pagination

Missing pagination on a paginated call can lead to inaccurate results.

AWS client not reused in a Lambda function

Recreating AWS clients in each Lambda function invocation is expensive.

AWS credentials logged

Logging unencrypted AWS credentials can expose them to an attacker.

Sensitive data stored unencrypted due to partial encryption

Encryption that is dependent on conditional logic, such as an if...then clause, might cause unencrypted sensitive data to be stored.

Synchronous publication of AWS Lambda metrics

Synchronous publication of AWS Lambda metrics is inefficient.

Batch request with unchecked failures

Not checking which items have failed can lead to loss of data.

Inefficient polling of AWS resource

Custom polling can be inefficient and prone to error. Consider using AWS waiters instead.

Unauthenticated Amazon SNS unsubscribe requests might succeed

Failing to set the AuthenticateOnUnsubscribe flag to True when confirming an SNS subscription can lead to unauthenticated cancellations.

Missing none check on response metadata

Response metadata was not checked to verify that it is not None.

Incorrect binding of SNS publish operations

Incorrect binding of SNS publish operations with the subscribe or create_topic operations might lead to latency issues.

Client-side KMS reencryption

Client-side decryption followed by reencryption is inefficient and can lead to sensitive data leaks.

Override of reserved variable names in a Lambda function

Overriding environment variables that are reserved by AWS Lambda might lead to unexpected behavior.

Missing S3 bucket owner condition

Not setting the S3 bucket owner condition might introduce a risk of accidentally using the wrong bucket.