creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-10 21:24:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
c715f0b36e9b884483193fa409ba5cbb24a57ded
Anthropic-Cybersecurity-Skills/skills/performing-serverless-function-security-review/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

2.7 KiB
Raw Blame History

API Reference: Serverless Function Security Review

Overview

Agent automates Lambda security reviews using boto3 to audit execution roles, environment variable secrets, deprecated runtimes, and public access configurations.

Dependencies

Package Version Purpose
boto3 >= 1.28 AWS SDK for Lambda and IAM API calls
botocore >= 1.31 Exception handling for AWS API errors

Core Functions

list_all_functions(client)

Paginates through all Lambda functions in the region.

  • Parameters: client - boto3 Lambda client
  • Returns: list[dict] - full function configuration objects

check_deprecated_runtime(runtime)

Checks if a Lambda runtime is end-of-life.

  • Parameters: runtime (str) - Lambda runtime identifier
  • Returns: bool - True if deprecated

audit_execution_role(iam, role_arn)

Inspects attached IAM policies for wildcard actions and AdministratorAccess.

  • Parameters: iam - boto3 IAM client, role_arn (str)
  • Returns: list[str] - finding descriptions

check_env_secrets(env_vars)

Scans environment variables for sensitive patterns (passwords, API keys, AWS credentials).

  • Parameters: env_vars (dict) - Lambda environment variables
  • Returns: list[str] - masked sensitive variable findings

check_public_access(client, function_name)

Checks resource-based policies and function URLs for unauthenticated access.

  • Parameters: client - boto3 Lambda client, function_name (str)
  • Returns: list[str] - public access findings

run_review(region="us-east-1")

Orchestrates the full review across all functions. Returns structured report dict.

AWS API Calls Used

API Call Service Purpose
list_functions Lambda Enumerate all Lambda functions
get_policy Lambda Retrieve resource-based policy
list_function_url_configs Lambda Check function URL auth type
list_attached_role_policies IAM Get policies on execution role
get_policy_version IAM Read policy document for wildcards

Environment Variables

Variable Required Description
AWS_ACCESS_KEY_ID Yes AWS credential (or use IAM role)
AWS_SECRET_ACCESS_KEY Yes AWS credential (or use IAM role)
AWS_DEFAULT_REGION No Defaults to us-east-1

Output Schema

{
  "total_functions": 34,
  "deprecated_runtimes": [{"function": "name", "runtime": "python3.7"}],
  "role_findings": ["CRITICAL: Role X has AdministratorAccess"],
  "secret_findings": [{"function": "name", "finding": "SENSITIVE: DB_PASSWORD = prod****word"}],
  "public_access_findings": ["PUBLIC ACCESS: func allows public invocation"]
}
Reference in New Issue View Git Blame Copy Permalink