creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 13:44:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
794489277cbb1fe862abc0addcd6dc540818db43
Anthropic-Cybersecurity-Skills/skills/performing-serverless-function-security-review/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

73 lines
2.7 KiB
Markdown
Raw Blame History

# API Reference: Serverless Function Security Review
## Overview
Agent automates Lambda security reviews using boto3 to audit execution roles, environment variable secrets, deprecated runtimes, and public access configurations.
## Dependencies
| Package | Version | Purpose |
|---------|---------|---------|
| boto3 | >= 1.28 | AWS SDK for Lambda and IAM API calls |
| botocore | >= 1.31 | Exception handling for AWS API errors |
## Core Functions
### `list_all_functions(client)`
Paginates through all Lambda functions in the region.
- **Parameters**: `client` - boto3 Lambda client
- **Returns**: `list[dict]` - full function configuration objects
### `check_deprecated_runtime(runtime)`
Checks if a Lambda runtime is end-of-life.
- **Parameters**: `runtime` (str) - Lambda runtime identifier
- **Returns**: `bool` - True if deprecated
### `audit_execution_role(iam, role_arn)`
Inspects attached IAM policies for wildcard actions and AdministratorAccess.
- **Parameters**: `iam` - boto3 IAM client, `role_arn` (str)
- **Returns**: `list[str]` - finding descriptions
### `check_env_secrets(env_vars)`
Scans environment variables for sensitive patterns (passwords, API keys, AWS credentials).
- **Parameters**: `env_vars` (dict) - Lambda environment variables
- **Returns**: `list[str]` - masked sensitive variable findings
### `check_public_access(client, function_name)`
Checks resource-based policies and function URLs for unauthenticated access.
- **Parameters**: `client` - boto3 Lambda client, `function_name` (str)
- **Returns**: `list[str]` - public access findings
### `run_review(region="us-east-1")`
Orchestrates the full review across all functions. Returns structured report dict.
## AWS API Calls Used
| API Call | Service | Purpose |
|----------|---------|---------|
| `list_functions` | Lambda | Enumerate all Lambda functions |
| `get_policy` | Lambda | Retrieve resource-based policy |
| `list_function_url_configs` | Lambda | Check function URL auth type |
| `list_attached_role_policies` | IAM | Get policies on execution role |
| `get_policy_version` | IAM | Read policy document for wildcards |
## Environment Variables
| Variable | Required | Description |
|----------|----------|-------------|
| `AWS_ACCESS_KEY_ID` | Yes | AWS credential (or use IAM role) |
| `AWS_SECRET_ACCESS_KEY` | Yes | AWS credential (or use IAM role) |
| `AWS_DEFAULT_REGION` | No | Defaults to us-east-1 |
## Output Schema
```json
{
"total_functions": 34,
"deprecated_runtimes": [{"function": "name", "runtime": "python3.7"}],
"role_findings": ["CRITICAL: Role X has AdministratorAccess"],
"secret_findings": [{"function": "name", "finding": "SENSITIVE: DB_PASSWORD = prod****word"}],
"public_access_findings": ["PUBLIC ACCESS: func allows public invocation"]
}
```
Reference in New Issue View Git Blame Copy Permalink