Security Concern: Unrestricted S3 Access in Titiler Policy

[achrafchabbouh1988]

The CloudFormation template (sam.yml) you provided grants the Lambda function unrestricted access to all S3 buckets through the policy associated with the AWSLambdaExecute statement. This presents a significant security risk, as the application might unintentionally access or modify data in buckets unrelated to its intended operations. This could potentially expose sensitive information or disrupt critical business processes.

• Recommendations:
  1. Refactor the policy: Use a least privilege approach by specifying the exact S3 buckets the function requires access to instead of using wildcards (*).
  2. Consider IAM roles: Utilize IAM roles to grant specific permissions to the Lambda function instead of relying on the broader AWSLambdaExecute policy.

[vincentsarago]

This presents a significant security risk, as the application might unintentionally access or modify data in buckets unrelated to its intended operation

Well the lambda handler provided with this SAM only do reads and in SAM we only allow GET and HEAD request

titiler-lambda-layer/sam.yml

Lines 61 to 63 in 8d08eb0

	Action:
	- s3:GetObject
	- s3:HeadObject

The SAM template also add the possibility to select specific Bucket

titiler-lambda-layer/sam.yml

Lines 5 to 7 in 8d08eb0

	Bucket:
	Type: CommaDelimitedList
	Default: "*"

so any user can change * to the list they want the tiler to access

Consider IAM roles: Utilize IAM roles to grant specific permissions to the Lambda function instead of relying on the broader AWSLambdaExecute policy.

Sure, I'll be happy to review a PR to add this 🙏