Use a dedicated IAM execution role for each Lambda function; do not share one role across several functions, so that each role carries only the permissions that one function needs.
Do not embed AWS credentials (access keys) in Lambda function code, environment variables or configuration; rely on the function's execution role for access to AWS APIs.
Store secrets in AWS Systems Manager Parameter Store (as SecureString parameters) or in Lambda environment variables encrypted with KMS via the console's encryption helpers, and decrypt them at runtime rather than at deployment.
When exposing functions through API Gateway, configure authorization on every method (IAM, Amazon Cognito or a Lambda authorizer) together with throttling and usage plans as appropriate; do not leave an endpoint with authorization set to NONE unintentionally.
Apply ‘least privilege’ to the VPCs functions connect to: place functions in function-specific subnets and restrict traffic with security groups and network ACLs.
Set access control standards and limit who and what can call the Lambda control-plane APIs (for example updating function code or adding invoke permissions) and the deployment process.
Monitor Lambda availability and performance with CloudWatch metrics, and retain CloudWatch Logs for each function so invocations and errors can be investigated.
Verify the security settings of cloud resources connected to Lambda functions, such as S3 buckets, DynamoDB tables and databases (consider a tool such as Dash ComplyOps).
Grant the most restrictive permissions possible when writing IAM policies: name specific actions and resource ARNs rather than wildcards.
Delete Lambda functions that are no longer in use, together with their roles and event triggers, so that stale code does not remain invocable.
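The "most restrictive permissions" and "one role per function" items above are easiest to enforce with an automated check over each execution role's policy document. The following Python is an added example, not code from the original page or from Dash ComplyOps: it flags Allow statements that use a wildcard action, NotAction, or Resource "*", and shows an over-broad policy beside a tightened one that grants only CloudWatch Logs on the function's log group, one Parameter Store parameter and one KMS key. The policy contents, ARNs and the account ID 123456789012 are constructed for illustration.

```python
"""Audit a Lambda execution-role policy document for over-broad grants.

Added example (not from the original page). It operates on IAM policy
documents supplied as Python dicts, so it runs offline; the two sample
policies below are constructed and use the AWS documentation example
account ID 123456789012.
"""
import json


def _as_list(value):
    """IAM allows a single string or a list for Action, NotAction and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_overbroad_statements(policy):
    """Return (statement_index, reason) tuples for every Allow statement that
    grants a wildcard action ('*' or 'service:*'), uses NotAction, or applies
    to Resource '*'. Deny statements cannot widen access and are skipped.
    Resource '*' is reported even for actions that support no resource-level
    permissions, so a human still reviews each such statement."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append((idx, "Allow with NotAction grants everything not listed"))
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append((idx, f"wildcard action {action!r}"))
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append((idx, "resource '*'"))
    return findings


# Constructed sample: a role that lets the function do anything in the account,
# plus full S3 rights on a bucket when it only needs to read objects.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:*",
         "Resource": "arn:aws:s3:::order-api-uploads/*"},
    ],
}

# Constructed sample: the same function with only what it actually uses:
# logging to its own log group, reading one SecureString parameter, and
# decrypting with the one KMS key that protects that parameter.
TIGHT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/order-api:*"},
        {"Effect": "Allow", "Action": "ssm:GetParameter",
         "Resource": "arn:aws:ssm:us-east-1:123456789012:parameter/order-api/db-password"},
        {"Effect": "Allow", "Action": "kms:Decrypt",
         "Resource": "arn:aws:kms:us-east-1:123456789012:key/11111111-2222-3333-4444-555555555555"},
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::order-api-uploads/*"},
    ],
}


def audit_samples():
    """Run the check over both constructed policies; the tightened one is clean."""
    return {
        "weak": find_overbroad_statements(WEAK_POLICY),
        "tight": find_overbroad_statements(TIGHT_POLICY),
    }


if __name__ == "__main__":
    print(json.dumps(audit_samples(), indent=2))
```

In practice, fetch each function's execution role with the Lambda and IAM APIs (GetFunctionConfiguration for the role ARN, then ListRolePolicies/GetRolePolicy for inline policies and GetPolicyVersion for attached managed policies) and feed the returned documents to `find_overbroad_statements`; a role that appears on more than one function is a separate finding under the one-role-per-function rule.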