whx
/
killchain-compendium
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

deatils on Lambda

This commit is contained in:
gurkenhabicht 2024-02-24 12:50:42 +01:00
parent 7f942bbffd
commit 1293a6009b
1 changed files with 54 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
Enumeration/AWS.md
View File

@ -834,9 +834,20 @@ aws s3 cp s3://<bucketname>/foo_public.xml . --no-sign-request
### Lambda ### Lambda
Lambda is a serverless, event-driven compute service offered by AWS. Means, you Lambda is a serverless, event-driven compute service offered by AWS. Means, you
don't need a backend to a function you want to provider. A Lambda function don't need a backend to a function you want to provider. Queries to the
has its own container deployed. function containing events are send via an API. Invocation of the Lambda
A Lambda function can for 15 minutes at max. functions can be synchronous or asynchronous, but not in parallel. The event
and its context are sent through a lambda handler.
A Lambda function has its own container deployed. An instance is initiated as a
cold start at first run.
![Lambda Service API](./include/telemetry-api-concept-diagram.png
The ARN of a the function invoked is structured in the following way.
```
arn:aws:lambda:<region>:<AccountId>:function:<functionName>
```
Execute a lambda function via aws cli. Execute a lambda function via aws cli.
@ -845,7 +856,7 @@ aws lambda invoke \
--function-name arn:aws:lambda:<region>:<account_id>:function:<function_name> <arg1> --function-name arn:aws:lambda:<region>:<account_id>:function:<function_name> <arg1>
``` ```
List policies List policies via aws cli.
```sh ```sh
aws lambda get-policy \ aws lambda get-policy \
@ -855,6 +866,45 @@ aws lambda get-policy \
| jq . | jq .
``` ```
Query a function's details via aws cli, a KMS key is needed.
```sh
aws lambda get-function --function-name arn:aws:lambda:<region>:<AccountId>:function:<functionName>
```
#### Lambda Buildup
The executed code is frequently stored in a zip file inside an S3 bucket. A
file name is set so the handler can execute it. The zip file is queried through
the API before a functions execution is triggered. The zip file contains a file
name which is called by the handler.
Events can be tested through the web console.
A Lambda function can for 15 minutes at max. Memory for the function execution
can be allocated from 128 MB to 10GB. The CPU cores are scaled with the set
memory size.
A lambda function has a default runtime specified for the programming language
in use. Custom runtimes can be created as well. The runtime has environment
variables set. These variables are encrypted through a KMS key at rest and can
be queried via `lambda:GetFunction`.
Permissions are set through roles, so a Lambda functions is able to act on
other resources. There are policies on who can invoke the Lambda function via
`lambda:InvokeFunction` as well. Functions can have public permissions, open to everyone.
Logging output is `stdout` and `stderr` to CloudWatch as `aws/lambda/<functionName>`.
Lambda functions can have public and private Ip addresses on a Hyperplane
Extended Network Interface. These ENIs have security grouips attached like
usual.
Lambda functions have 500MB of disk space inside the container's /tmp directory
or can have an Elastic File System attached (EFS).
### CloudFront ### CloudFront
CloudFront is a Content Delivery Network(CDN), which stores static data on Edge CloudFront is a Content Delivery Network(CDN), which stores static data on Edge