# Serverless Security (Functions-as-a-Service)

One-sentence definition: Secure function code, triggers, permissions, and data flows in ephemeral environments.

## Key Facts

- Least privilege IAM for functions; per-function roles and KMS-integrated secrets.
- Validate events (auth, schemas, signatures); guard against event injection.
- Control egress (VPC, proxies); avoid long-lived secrets; rotate.
- Monitor cold starts, concurrency, and retries for abuse.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Choose IAM scoping + signed events for serverless threats.

**Mnemonic:** “**Small code, strong controls**.”

## Mini Scenario

Q: Publicly invocable function scrapes DB—fix?

A: Restrict trigger auth, least-privilege role, and input validation.

## Revision Checklist

- Two IAM rules.
- Event validation step.
- Egress control.

## Related

[[API Security Fundamentals (REST GraphQL gRPC)]] · [[Webhook Security and Request Signing]] · [[Cloud SOC Operations (CSPM CWPP CIEM)]] · [[Secrets in Containers and Environment Variables]] · [[Domain 8 - Index]]