Ajinkya lambda prevention #129
Conversation
| if 'Statement' in policy['PolicyDocument']: | ||
| for statement in policy['PolicyDocument']['Statement']: | ||
| if statement['Effect'] == 'Allow' and 'Action' in statement and '*' in statement['Action']: | ||
| print(f"Lambda function {function['FunctionName']} has administrative permissions.") |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
| ```python | ||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
|
|
||
| 4. **Enable CloudTrail if Not Enabled**: | ||
| If CloudTrail is not enabled, create a new trail and start logging. | ||
|
|
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
| try: | ||
| trails = cloudtrail_client.describe_trails(trailNameList=[function['FunctionName']]) | ||
| if not trails['trailList']: | ||
| print(f"CloudTrail is not enabled for the function: {function['FunctionName']}") |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
| # Initialize a session using Amazon EC2 | ||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
| try: | ||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
| if statement['Principal'] == '*' or statement['Principal'] != 'YOUR_AWS_ACCOUNT_ID': | ||
| print(f"Lambda function {function['FunctionName']} allows cross-account access.") | ||
| ``` | ||
|
|
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
| ```python | ||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
|
|
||
| This script will print the names of all Lambda functions that do not have access to VPC-only resources. | ||
| </Accordion> | ||
|
|
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
| ```python | ||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
| This script will print the names of all Lambda functions that do not have a default timeout set. | ||
| </Accordion> | ||
|
|
||
| </AccordionGroup> |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
|
|
||
| session = boto3.Session( | ||
| aws_access_key_id='your_access_key', | ||
| aws_secret_access_key='your_secret_access_key', |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
| print(f"Lambda function {function_name} does not have DLQ configured.") | ||
| ``` | ||
|
|
||
| This script will print the names of all Lambda functions that do not have DLQ configured. |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
|
|
||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
|
|
||
| check_lambda_tags() | ||
| ``` | ||
|
|
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
|
|
||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
| ) | ||
| return response | ||
|
|
||
| # Example usage |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
| FunctionName=function['FunctionName'] | ||
| ) | ||
| if 'ReservedConcurrentExecutions' not in function_details: | ||
| print(f"Lambda function {function['FunctionName']} does not have a concurrency limit set.") |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
| import os | ||
|
|
||
| os.environ['AWS_ACCESS_KEY_ID'] = 'your_access_key_id' | ||
| os.environ['AWS_SECRET_ACCESS_KEY'] = 'your_secret_access_key' |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
|
|
||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
| print(f"Logging is not enabled for function: {function['FunctionName']}") | ||
| ``` | ||
|
|
||
| This script will print out the names of all the Lambda functions that do not have logging enabled. This is a misconfiguration as it's a best practice to enable logging for all Lambda functions to track and debug any issues. |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
|
|
||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
| role = function['Role'] | ||
| if role not in role_dict: | ||
| role_dict[role] = [function['FunctionName']] | ||
| else: |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
|
|
||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
There was a problem hiding this comment.
Secret: Secret Keyword
Click here for more details
No description provided.