diff --git a/Enumeration/AWS.md b/Enumeration/AWS.md index 0f0906b..1076b0b 100644 --- a/Enumeration/AWS.md +++ b/Enumeration/AWS.md @@ -834,9 +834,20 @@ aws s3 cp s3:///foo_public.xml . --no-sign-request ### Lambda Lambda is a serverless, event-driven compute service offered by AWS. Means, you -don't need a backend to a function you want to provider. A Lambda function -has its own container deployed. -A Lambda function can for 15 minutes at max. +don't need a backend to a function you want to provider. Queries to the +function containing events are send via an API. Invocation of the Lambda +functions can be synchronous or asynchronous, but not in parallel. The event +and its context are sent through a lambda handler. +A Lambda function has its own container deployed. An instance is initiated as a +cold start at first run. + +![Lambda Service API](./include/telemetry-api-concept-diagram.png + +The ARN of a the function invoked is structured in the following way. + +``` +arn:aws:lambda:::function: +``` Execute a lambda function via aws cli. @@ -845,7 +856,7 @@ aws lambda invoke \ --function-name arn:aws:lambda:::function: ``` -List policies +List policies via aws cli. ```sh aws lambda get-policy \ 
@@ -855,6 +866,45 @@ aws lambda get-policy \ | jq . ``` +Query a function's details via aws cli, a KMS key is needed. + +```sh +aws lambda get-function --function-name arn:aws:lambda:::function: +``` + +#### Lambda Buildup + +The executed code is frequently stored in a zip file inside an S3 bucket. A +file name is set so the handler can execute it. The zip file is queried through +the API before a functions execution is triggered. The zip file contains a file +name which is called by the handler. + +Events can be tested through the web console. + +A Lambda function can for 15 minutes at max. Memory for the function execution +can be allocated from 128 MB to 10GB. The CPU cores are scaled with the set +memory size. + +A lambda function has a default runtime specified for the programming language +in use. Custom runtimes can be created as well. The runtime has environment +variables set. These variables are encrypted through a KMS key at rest and can +be queried via `lambda:GetFunction`. + +Permissions are set through roles, so a Lambda functions is able to act on +other resources. There are policies on who can invoke the Lambda function via +`lambda:InvokeFunction` as well. Functions can have public permissions, open to everyone. + +Logging output is `stdout` and `stderr` to CloudWatch as `aws/lambda/`. + +Lambda functions can have public and private Ip addresses on a Hyperplane +Extended Network Interface. These ENIs have security grouips attached like +usual. + +Lambda functions have 500MB of disk space inside the container's /tmp directory +or can have an Elastic File System attached (EFS). + + + ### CloudFront CloudFront is a Content Delivery Network(CDN), which stores static data on Edge
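Review bot: In the hunk at `@@ -834,9 +834,20`, the added sentence "Invocation of the Lambda functions can be synchronous or asynchronous, but not in parallel" is wrong: Lambda scales out by running many invocations concurrently in separate execution environments; what is true is that one execution environment serves a single invocation at a time. Suggest: "Invocations can be synchronous or asynchronous. A single execution environment handles one event at a time; concurrent invocations are served by additional environments, up to the account's concurrency limit." Same hunk: the image line `![Lambda Service API](./include/telemetry-api-concept-diagram.png` is missing its closing `)` and will not render; the ARN template `arn:aws:lambda:::function:` has empty fields between the colons (if angle-bracket placeholders were stripped, restore them as `arn:aws:lambda:<region>:<account-id>:function:<function-name>`); and while this paragraph is being rewritten the retained typo "provider" (for "provide") and "are send" (for "are sent") should be fixed too.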
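Review bot: In the hunk at `@@ -855,6 +866,45`, "Query a function's details via aws cli, a KMS key is needed" misstates the requirement: `aws lambda get-function` needs `lambda:GetFunction` and returns the configuration with environment variables already decrypted; `kms:Decrypt` on the key is only needed when the variables are encrypted with a customer-managed key instead of the default service key. Worth adding that the response's `Code.Location` is a short-lived presigned S3 URL for the deployment package, which is the main reason to run this command during enumeration. Same hunk: "A Lambda function can for 15 minutes at max" is missing "run"; the `/tmp` figure should be 512 MB (configurable up to 10,240 MB), not "500MB"; the log group is `/aws/lambda/<function-name>` (leading slash and function name); "The zip file is queried through the API before a functions execution is triggered. The zip file contains a file name which is called by the handler" should say the deployment package is pulled into the execution environment at cold start and that the handler setting names the file and function as `file.function` (e.g. `index.handler`); "grouips", "Ip" and "a Lambda functions is able" are typos; and the three blank lines before `### CloudFront` can be collapsed to one.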