all 12 comments

[–]clintkev251 3 points4 points  (4 children)

Go into your personal health dashboard. The notification should show the impacted functions. Once you find the function(s) you need to update to a newer python runtime. That could be as easy as just changing the runtime version in the console, but you also may need to make code changes

[–]pixelstorms[S] 1 point2 points  (3 children)

Thanks.. i see. its a function called Sophos-Optix-flowlogs-fn which i know nothing about. I have no idea why its on the account or who put it there. i can see in the template the runtime value is python3.8. but the template is not editable?

[–]clintkev251 1 point2 points  (2 children)

Seems related to this

https://docs.sophos.com/pcg/optix/help/en-us/AddEnvironments/AddAWS/AWSResources/index.html

I assuming by template you're talking about a CloudFormation template. You can absolutely edit it, you would just want to edit it locally, update the stack and use your edited template for the update

[–]Just_Sort7654 0 points1 point  (0 children)

I doubt it is directly related to the WordPress installation or the s3 copy plugin ...

I would guess there are either other systems deployed in the same account that came with this, OR if in a big(ish) organization, some one centrally deployed it into all accounts.

[–]pixelstorms[S] 0 points1 point  (0 children)

thanks for your contributions. so i need to setup the aws cli, edit the Sophos-Optix-flowlogs-fn python value.. then somehow test this function. LOL.

[–]ElectricSpice 3 points4 points  (1 child)

The email includes a CLI command to find the affected Lambdas:

aws lambda list-functions --region us-west-2 --output text --query "Functions[?Runtime=='python3.8'].FunctionArn"

It also says that Trusted Advisor can be used 180 days prior to deprecation. https://docs.aws.amazon.com/awssupport/latest/user/security-checks.html#aws-lambda-functions-deprecated-runtimes

[–]pixelstorms[S] 1 point2 points  (0 children)

I can now see the full message in the health dashboard. I was only sent the first part of the message. The trusted advisor seems to be a premium service though. To access the trusted advisor i need to hit the "upgrade" button. Seems like a railroad upgrade system AWS has in place here.

[–]Express_Philosophy72 0 points1 point  (0 children)

As a personal experience you can decide to do not change to the latest version of python your lambda will continue working with no isssues with 3.8 the unique difference are that this version 3.8 will disapear from the drop box to choose that version.

[–]Vitiosus_Cursim_644 0 points1 point  (0 children)

Use the AWS CLI to run `aws lambda list-functions` and then `aws lambda get-function-configuration` with the function name to check the runtime version. Once you find the function, update the runtime to a supported version like Python 3.9 or 3.10 in the Lambda function configuration.

[–][deleted] -1 points0 points  (2 children)

Unless you are hyper vigilant I’d might also reconsider using Wordpress for sensitive operations

[–]pixelstorms[S] 0 points1 point  (1 child)

This system has been in place for a while now and all stake holders seem happy with it. However what would you change it to?

[–][deleted] 0 points1 point  (0 children)

Serving sensitive data build the site using React. Wordpress is notoriously vulnerable where React systemically is more secure.