Skip to main content

Handling EOL Security Alerts

When you onboard your AWS account (master payer or child) into the nOps platform, a CloudFormation (CF) stack is deployed in your AWS Console.

This stack creates several resources, including a Lambda function named NopsCallback, which uses a specific Python runtime version.
Over time, this runtime may reach EOL (End of Life) — meaning it no longer receives updates or security patches from AWS. As a result, it can trigger security alerts flagged by tools like AWS Security Hub, third-party scanners, or internal audits.

You can resolve this EOL Lambda security issue using either of the two approaches below:

Option 1: Delete the NopsCallback Lambda Function

The NopsCallback Lambda is not used by the platform post-onboarding and can be safely removed.

Steps to Remove the Lambda

  1. Log in to the AWS Console

  2. Go to CloudFormation and select the stack you ran during onboarding

  3. Navigate to the Resources tab

  4. Look for a resource with Logical ID: NopsCallback

  5. Click the Physical ID link of this resource

  1. On the Lambda function page, click Actions → Delete

Note: There is no operational dependency on this Lambda after onboarding is complete.

If you manually delete this Lambda and later decide to delete the entire CloudFormation stack, AWS will:

  • Show a warning that one or more resources (like NopsCallback) no longer exist.
  • Still proceed with the deletion of all remaining stack resources.
  • Mark the stack as DELETE_COMPLETE once finished.

So, manually deleting NopsCallback does not block or interfere with future stack deletion.
AWS simply skips the missing resource and deletes the rest.

Option 2: Update the CF Stack with the Latest Template

This method updates the entire CloudFormation stack to the latest version, which includes a new Lambda runtime and other improvements.

Steps to Update the Stack

  1. Log in to the AWS Console

  2. Go to CloudFormation and select the stack used during onboarding

  3. Click on Update in the top-right corner

  4. Choose "Replace existing template"

  5. In the next step, choose one of the following:

    • Upload a template file
    • Specify an Amazon S3 URL

  6. Click Next

  7. On the Parameters page:

    • Review existing values
    • Modify only if needed, otherwise leave them as it is

  8. Continue clicking Next, then Update Stack to proceed

This ensures you're running the latest stack with updated runtime and secured resources.