Lambda functions using obsolete runtimes (such as python3.8, nodejs14.x, go1.x, ruby2.7) are identified against a curated list of deprecated runtime identifiers.
Risk
Unmaintained runtimes lack security patches, exposing code and libraries to known CVEs (confidentiality, integrity).
Deprecation can block create/update and break builds, causing failed deployments or runtime errors (availability). Tooling may stop supporting builds, slowing fixes and recovery.
prowler aws --checks awslambda_function_using_supported_runtimes
Recommendation
Upgrade to supported LTS runtimes (AL2/AL2023) and include runtime upgrades in a secure SDLC.
Test in staging, deploy via versions/aliases, and keep dependencies current. Monitor deprecation notices. Apply guardrails to block deprecated runtime values and allow only approved runtimes, aligning with defense in depth.
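The guardrail described above can be run as a pipeline step. The following is an added example, not Prowler's own code: it checks `aws lambda list-functions` style output against a denylist and an allowlist. The denylist holds only the four identifiers named on this page, and the allowlist, function names and sample data are constructed assumptions.

```python
import json

# Deprecated identifiers named on this page; a maintained list would be longer.
DEPRECATED = {"python3.8", "nodejs14.x", "go1.x", "ruby2.7"}
# Hypothetical organisation allowlist (assumption, not from the page).
APPROVED = {"python3.12", "nodejs20.x", "provided.al2023"}

# Constructed sample shaped like `aws lambda list-functions` output.
SAMPLE = json.dumps({"Functions": [
    {"FunctionName": "billing-export", "Runtime": "python3.8", "PackageType": "Zip"},
    {"FunctionName": "thumbnailer", "Runtime": "python3.12", "PackageType": "Zip"},
    {"FunctionName": "legacy-api", "Runtime": "nodejs16.x", "PackageType": "Zip"},
    {"FunctionName": "ml-inference", "PackageType": "Image"},
]})


def classify(function):
    """Return (status, runtime) for one function record."""
    # Container-image functions carry no Runtime field; their base image
    # needs a separate review, so report them rather than passing them.
    if function.get("PackageType") == "Image" or "Runtime" not in function:
        return "no_managed_runtime", None
    runtime = function["Runtime"].strip().lower()
    if runtime in DEPRECATED:
        return "deprecated", runtime
    # The allowlist catches runtimes that a stale denylist does not know yet.
    if runtime not in APPROVED:
        return "not_approved", runtime
    return "ok", runtime


def audit(list_functions_json):
    """Group (name, runtime) pairs by status; 'ok' functions are omitted."""
    findings = {}
    for fn in json.loads(list_functions_json).get("Functions", []):
        status, runtime = classify(fn)
        if status != "ok":
            findings.setdefault(status, []).append((fn["FunctionName"], runtime))
    return findings


def gate(list_functions_json):
    """Pipeline exit code: 1 if any runtime is deprecated or unapproved."""
    findings = audit(list_functions_json)
    return 1 if findings.get("deprecated") or findings.get("not_approved") else 0


if __name__ == "__main__":
    for status, items in audit(SAMPLE).items():
        for name, runtime in items:
            print(f"{status}: {name} ({runtime})")
    raise SystemExit(gate(SAMPLE))
```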
Remediation
aws lambda update-function-configuration --function-name <FUNCTION_NAME> --runtime <SUPPORTED_RUNTIME>
- Open the AWS Lambda console and select the function
- Go to Configuration > Runtime settings > Edit
- In Runtime, choose a supported runtime (e.g., python3.12) and click Save
Resource Type
AwsLambdaFunction