
aws-lambda-security

Security audit for AWS Lambda functions including IAM role least privilege, environment variable encryption (KMS), Function URLs vs API Gateway, VPC config, layer usage, container image scanning, X-Ray and logs PII, cold start state, async invocation handling, and Lambda-specific patterns across Node, Python, Go, Java runtimes. Use this skill whenever the user mentions AWS Lambda, lambda function, IAM role, Function URL, API Gateway + Lambda, Lambda layer, SAM, CDK Lambda, Serverless Framework, or asks "audit my Lambda", "Lambda security review", "Lambda IAM". Trigger when the codebase contains `serverless.yml`, `template.yaml` (SAM), `cdk.json`, or Lambda handler patterns.
hlsitechio/claude-skills-security · ★ 1 · DevOps & Infrastructure · score 67
Install: claude install-skill hlsitechio/claude-skills-security
# AWS Lambda Security Audit

Audit AWS Lambda functions across runtimes (Node, Python, Go, Java, .NET, Ruby).

## When this skill applies

- Reviewing Lambda IAM roles and policies
- Auditing function configuration (env vars, VPC, timeout, memory)
- Reviewing Function URL vs API Gateway exposure
- Checking layer dependencies and supply chain
- Auditing handler code for runtime-agnostic Lambda concerns

## Workflow

Follow `../_shared/audit-workflow.md`. Companion: runtime-specific skills (`nodejs-express-security`, `fastapi-security`, etc.).

### Phase 1: Stack detection

```bash
# IaC discovery
ls serverless.yml serverless.yaml template.yaml template.yml cdk.json 2>/dev/null
# Check AWS CLI
aws --version 2>/dev/null
# SAM
ls samconfig.toml 2>/dev/null
```

### Phase 2: Inventory

```bash
# Function definitions
grep -rn 'AWS::Lambda::Function\|Type: AWS::Serverless::Function\|new Function(' . --include='*.yml' --include='*.yaml' --include='*.ts' --include='*.py' 2>/dev/null
# IAM policies
grep -rn 'Policies:\|PolicyDocument\|inlinePolicies' . --include='*.yml' --include='*.yaml' --include='*.ts' 2>/dev/null | head
# Function URLs (grep needs -r to descend into the tree)
grep -rnE 'FunctionUrlConfig|addFunctionUrl' . --include='*.yml' --include='*.yaml' --include='*.ts' 2>/dev/null
# Env vars
grep -rnE 'Environment:|environment:' . --include='*.yml' --include='*.yaml' 2>/dev/null | head
```

### Phase 3: Detection — the checks

#### IAM — least privilege

- **AWL-IAM-1** Each function has its own role. Don't share o
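The grep inventory above finds where functions, policies, Function URLs and environment blocks are declared, but it cannot tell you whether two functions point at the same role or whether a policy grants a wildcard action. The script below is an added example, not part of this skill or its repository: it runs the structural checks the page names (one role per function, AWL-IAM-1; wildcard IAM actions; Function URLs with `AuthType: NONE`; environment variables without a customer-managed `KmsKeyArn`) over a CloudFormation/SAM template in JSON form, which is what `cdk synth` emits and what `sam` also accepts. The template and the check labels other than AWL-IAM-1 are constructed for the example. One caveat the env check encodes: Lambda encrypts environment variables at rest with an AWS-managed key by default, so a missing `KmsKeyArn` means "no customer-managed key", not "plaintext".

```python
"""Static Lambda template audit (added example; assumes JSON CloudFormation/SAM)."""
import json
from collections import defaultdict

LAMBDA_TYPES = {"AWS::Lambda::Function", "AWS::Serverless::Function"}

# Constructed sample template, not taken from any real project.
SAMPLE_TEMPLATE = """
{
  "Resources": {
    "SharedRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
          {"Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
           "Action": "sts:AssumeRole"}]},
        "Policies": [{"PolicyName": "too-broad", "PolicyDocument": {"Version": "2012-10-17",
          "Statement": [{"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"}]}}]
      }
    },
    "OrdersFn": {
      "Type": "AWS::Serverless::Function",
      "Properties": {
        "Handler": "orders.handler", "Runtime": "python3.12",
        "Role": {"Fn::GetAtt": ["SharedRole", "Arn"]},
        "Environment": {"Variables": {"DB_PASSWORD": "constructed-placeholder"}},
        "FunctionUrlConfig": {"AuthType": "NONE"}
      }
    },
    "ReportsFn": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Handler": "reports.handler", "Runtime": "nodejs20.x",
        "Role": {"Fn::GetAtt": ["SharedRole", "Arn"]},
        "Environment": {"Variables": {"TABLE": "reports"}},
        "KmsKeyArn": "arn:aws:kms:us-east-1:000000000000:key/EXAMPLE-KEY-ID"
      }
    },
    "HealthFn": {
      "Type": "AWS::Serverless::Function",
      "Properties": {
        "Handler": "health.handler", "Runtime": "python3.12",
        "Policies": ["AWSLambdaBasicExecutionRole",
          {"Statement": [{"Effect": "Allow",
                          "Action": ["logs:CreateLogStream", "s3:*"], "Resource": "*"}]}]
      }
    }
  }
}
"""


def _role_key(props):
    """Hashable identifier of the role a function uses (logical id if intrinsic), or None."""
    role = props.get("Role")
    if role is None:
        return None
    if isinstance(role, dict):
        if "Fn::GetAtt" in role:
            return role["Fn::GetAtt"][0]
        if "Ref" in role:
            return role["Ref"]
    return json.dumps(role, sort_keys=True)


def _statements(policy_like):
    """Yield IAM statements from SAM `Policies`, role `Policies`, or a PolicyDocument.
    Strings (managed policy names) and SAM policy templates carry no statements and are skipped."""
    if isinstance(policy_like, list):
        for item in policy_like:
            yield from _statements(item)
    elif isinstance(policy_like, dict):
        if "Statement" in policy_like:
            stmts = policy_like["Statement"]
            yield from (stmts if isinstance(stmts, list) else [stmts])
        if "PolicyDocument" in policy_like:
            yield from _statements(policy_like["PolicyDocument"])


def _wildcard_actions(stmt):
    """Return Allow actions of the form '*' or 'service:*'."""
    if stmt.get("Effect") != "Allow":
        return []
    actions = stmt.get("Action", [])
    if isinstance(actions, str):
        actions = [actions]
    return [a for a in actions if a == "*" or a.endswith(":*")]


def _url_auth_types(resources):
    """Map function logical ids to the AuthType of any AWS::Lambda::Url targeting them."""
    out = {}
    for res in resources.values():
        if res.get("Type") != "AWS::Lambda::Url":
            continue
        props = res.get("Properties", {})
        target = props.get("TargetFunctionArn")
        if isinstance(target, dict):
            fn = target.get("Ref") or target.get("Fn::GetAtt", [None])[0]
            out[fn] = props.get("AuthType")
    return out


def audit_template(template_json):
    """Return sorted (logical_id, check, message) findings for the template."""
    resources = json.loads(template_json).get("Resources", {})
    findings, role_users = [], defaultdict(list)
    url_auth = _url_auth_types(resources)
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::IAM::Role":
            for stmt in _statements(props.get("Policies", [])):
                for action in _wildcard_actions(stmt):
                    findings.append((name, "iam-wildcard-action", f"role policy allows {action!r}"))
            continue
        if res.get("Type") not in LAMBDA_TYPES:
            continue
        key = _role_key(props)
        if key is not None:
            role_users[key].append(name)
        for stmt in _statements(props.get("Policies", [])):  # SAM inline policies
            for action in _wildcard_actions(stmt):
                findings.append((name, "iam-wildcard-action", f"inline policy allows {action!r}"))
        if (props.get("FunctionUrlConfig", {}).get("AuthType") == "NONE"
                or url_auth.get(name) == "NONE"):
            findings.append((name, "function-url-no-auth", "Function URL with AuthType NONE"))
        if props.get("Environment", {}).get("Variables") and not props.get("KmsKeyArn"):
            findings.append((name, "env-no-cmk", "env vars without customer-managed KmsKeyArn"))
    for key, fns in role_users.items():  # AWL-IAM-1: one role per function
        if len(fns) > 1:
            for fn in fns:
                findings.append((fn, "AWL-IAM-1", f"shares role {key!r} with {len(fns) - 1} other function(s)"))
    return sorted(findings)


if __name__ == "__main__":
    for logical_id, check, message in audit_template(SAMPLE_TEMPLATE):
        print(f"{logical_id:12} {check:22} {message}")
```

Run it with `sam build` or `cdk synth` output substituted for `SAMPLE_TEMPLATE`; for YAML templates, load them with a YAML parser that understands the `!GetAtt`/`!Ref` short tags before handing the dict to the same checks.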