envoy icon indicating copy to clipboard operation
envoy copied to clipboard
verified publisher icon envoyproxy

Regarding maturity of AWS Lambda filter

Open shashankram opened this issue 6 months ago • 2 comments

Is the AWS lambda filter mature and secure enough for production usage?

There is a disclaimer that suggests otherwise, so curious if this is outdated and can be updated. https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/aws_lambda_filter#aws-lambda

The AWS Lambda filter is currently under active development.

https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/aws_lambda/v3/aws_lambda.proto#envoy-v3-api-msg-extensions-filters-http-aws-lambda-v3-config

This extension is functional but has not had substantial production burn time, use only with this caveat.

This extension is not hardened and should only be used in deployments where both the downstream and upstream are trusted.

shashankram avatar Jun 10 '25 17:06 shashankram

@nbaws @marcomagdy @mattklein123 @niax @jstewmon could you clarify if the documented security posture is still accurate?

shashankram avatar Jun 10 '25 18:06 shashankram

@shashankram Sorry about the delay in replying. I am marking this extension as stable here https://github.com/envoyproxy/envoy/pull/39951 - I'm aware of multiple customers using this extension in production.

Security posture wont change until I've taken a better look at the criteria.

nbaws avatar Jun 18 '25 23:06 nbaws

@shashankram Sorry about the delay in replying. I am marking this extension as stable here #39951 - I'm aware of multiple customers using this extension in production.

Good to know this extension is being marked as stable.

Security posture wont change until I've taken a better look at the criteria.

Okay, please update this issue when you assess the security posture.

requires_trusted_downstream_and_upstream makes the filter seem less secure. Would the threat model be different when the Lambda filter is combined with the AWS signing filter?

shashankram avatar Jun 23 '25 14:06 shashankram

@shashankram both filters use the same common components for SigV4 signing. It's not likely the threat model would change substantially regardless which filter you use. Will keep you posted as to my findings.

nbaws avatar Jun 24 '25 00:06 nbaws

@nbaws were you also able to assess the threat model of the filter?

shashankram avatar Jul 08 '25 18:07 shashankram

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

github-actions[bot] avatar Aug 07 '25 20:08 github-actions[bot]

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.

github-actions[bot] avatar Aug 14 '25 20:08 github-actions[bot]