creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-10 21:24:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
Anthropic-Cybersecurity-Skills/skills/securing-aws-lambda-execution-roles/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

60 lines
2.3 KiB
Markdown
Raw Permalink Blame History

# API Reference: Securing AWS Lambda Execution Roles
## boto3 Lambda Client
### Key Methods
| Method | Description |
|--------|-------------|
| `list_functions()` | List all Lambda functions with role ARNs and runtime info |
| `get_function_configuration()` | Get function config including execution role |
| `update_function_configuration()` | Update function settings (role, KMS key, logging) |
| `create_function_url_config()` | Configure function URL with auth type |
## boto3 IAM Client (Role Analysis)
| Method | Description |
|--------|-------------|
| `get_role()` | Get role details including trust policy and permission boundary |
| `list_attached_role_policies()` | List managed policies on a role |
| `list_role_policies()` | List inline policy names |
| `get_role_policy()` | Get inline policy document |
| `put_role_permissions_boundary()` | Apply permission boundary |
| `simulate_principal_policy()` | Test effective permissions |
| `create_role()` | Create new role with trust policy |
| `attach_role_policy()` | Attach a managed policy to a role |
## boto3 Access Analyzer Client
| Method | Description |
|--------|-------------|
| `validate_policy()` | Validate policy against security best practices |
| `start_policy_generation()` | Generate least-privilege policy from CloudTrail |
| `get_generated_policy()` | Retrieve generated policy result |
| `check_no_new_access()` | Verify policy does not grant new access |
### Trust Policy Structure
```json
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {"Service": "lambda.amazonaws.com"},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {"aws:SourceAccount": "ACCOUNT_ID"}
}
}]
}
```
### Permission Boundary Effect
The effective permissions are the intersection of:
1. Identity-based policy (attached to role)
2. Permission boundary (maximum allowed permissions)
3. Service Control Policies (organizational guardrails)
## References
- Lambda execution role docs: https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html
- Permission boundaries: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
- Access Analyzer policy validation: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-policy-validation.html
Reference in New Issue View Git Blame Copy Permalink