securing-serverless-functions

Featured

This skill covers security hardening for serverless compute platforms including AWS Lambda, Azure Functions, and Google Cloud Functions. It addresses least privilege IAM roles, dependency vulnerability scanning, secrets management integration, input validation, function URL authentication, and runtime monitoring to protect against injection attacks, credential theft, and supply chain compromises.

DevOps & Infrastructure 12,642 stars 1468 forks Updated today Apache-2.0


Quality Score: 99/100

Criterion (weight): score
Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Securing Serverless Functions

## When to Use

- When deploying Lambda functions or Azure Functions with access to sensitive data or cloud APIs
- When auditing existing serverless workloads for overly permissive IAM roles
- When integrating serverless functions into a DevSecOps pipeline with automated security scanning
- When hardcoded secrets or vulnerable dependencies are discovered in function code
- When establishing runtime monitoring for serverless workloads to detect injection or credential theft

**Do not use** for container-based compute security (see securing-kubernetes-on-cloud), for API Gateway configuration (see implementing-cloud-waf-rules), or for serverless architecture design decisions.

## Prerequisites

- AWS Lambda, Azure Functions, or GCP Cloud Functions with deployment access
- CI/CD pipeline with dependency scanning tools (npm audit, Snyk, Dependabot)
- AWS Secrets Manager, Azure Key Vault, or HashiCorp Vault for secrets management
- CloudWatch, Application Insights, or Cloud Logging for function monitoring

## Workflow

### Step 1: Enforce Least Privilege IAM Roles

Assign each Lambda function a dedicated IAM role with permissions scoped to only the specific resources it accesses. Never share IAM roles across functions.

```bash
# Create a least-privilege role for a specific Lambda function
aws iam create-role \
  --role-name order-processor-lambda-role \
  --assume-role-policy-document '{
    "Version": "2012-10-17",
    "Statement": [{
      "Effec...
```
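Step 1 above shows only the start of the `create-role` call. The following is an added example (not code from the skill or the mukul975/Anthropic-Cybersecurity-Skills repository) that carries the same idea through in Python: it builds the trust policy and a resource-scoped permissions policy for one function, and it audits existing policies and role assignments for the two things the step forbids, over-broad grants and roles shared between functions. The account id `123456789012`, region `us-east-1`, the DynamoDB table `Orders`, the `PRIVESC_ACTIONS` list and the sample policies and function list are all assumed or constructed for the example; only the role name `order-processor-lambda-role` comes from the skill's own snippet.

```python
"""Least-privilege execution roles for AWS Lambda: build one scoped role per function
and audit existing roles for the over-broad grants the skill says to remove. Added
example, not code from the skill or its repository. Assumed (hypothetical): account
123456789012, region us-east-1, function order-processor using DynamoDB table Orders."""
import json
from collections import defaultdict

ACCOUNT = "123456789012"  # assumed account id
REGION = "us-east-1"      # assumed region
ROLE = f"arn:aws:iam::{ACCOUNT}:role/"

# Actions that let a function rewrite code or hand out roles; a data-plane
# function has no business holding these (list is the example's own choice).
PRIVESC_ACTIONS = {"iam:PassRole", "iam:CreatePolicyVersion", "iam:AttachRolePolicy",
                   "iam:PutRolePolicy", "lambda:UpdateFunctionCode",
                   "lambda:UpdateFunctionConfiguration", "sts:AssumeRole"}

def lambda_trust_policy() -> dict:
    """Trust policy: only the Lambda service, acting for this account, may assume the role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "lambda.amazonaws.com"},
        "Action": "sts:AssumeRole",
        # Confused-deputy guard: functions in other accounts cannot assume it.
        "Condition": {"StringEquals": {"aws:SourceAccount": ACCOUNT}},
    }]}

def function_permissions_policy(function_name: str, table_name: str) -> dict:
    """Inline policy scoped to the function's own log group and one DynamoDB table."""
    log_group = f"arn:aws:logs:{REGION}:{ACCOUNT}:log-group:/aws/lambda/{function_name}"
    table_arn = f"arn:aws:dynamodb:{REGION}:{ACCOUNT}:table/{table_name}"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "WriteOwnLogs", "Effect": "Allow",
         "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": f"{log_group}:*"},
        {"Sid": "OrdersTableItems", "Effect": "Allow",
         "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem"],
         "Resource": table_arn},
    ]}

def _as_list(value) -> list:
    """IAM accepts a string or a list in Action/Resource; normalise to a list."""
    return [] if value is None else [value] if isinstance(value, str) else list(value)

def audit_policy(policy: dict) -> list[str]:
    """Flag Allow statements that breach least privilege; an empty list means clean."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt:  # Allow + NotAction grants everything not listed
            findings.append(f"{sid}: Allow with NotAction is an implicit wildcard")
        actions = _as_list(stmt.get("Action"))
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append(f"{sid}: wildcard action {action}")
            elif action in PRIVESC_ACTIONS:
                findings.append(f"{sid}: privilege-escalation action {action}")
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append(f"{sid}: Resource '*' for {', '.join(actions) or 'NotAction'}")
    return findings

def shared_roles(functions: list[dict]) -> dict[str, list[str]]:
    """Role ARN -> function names for roles attached to more than one function;
    `functions` is the "Functions" list from `aws lambda list-functions`."""
    by_role = defaultdict(list)
    for fn in functions:
        by_role[fn["Role"]].append(fn["FunctionName"])
    return {role: names for role, names in by_role.items() if len(names) > 1}

# Constructed sample: the kind of over-broad policy found on legacy functions.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Everything", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "AnyTable", "Effect": "Allow", "Action": ["dynamodb:*"],
     "Resource": f"arn:aws:dynamodb:{REGION}:{ACCOUNT}:table/*"},
    {"Sid": "Deploy", "Effect": "Allow",
     "Action": ["iam:PassRole", "lambda:UpdateFunctionCode"],
     "Resource": f"arn:aws:lambda:{REGION}:{ACCOUNT}:function:*"},
]}

# Constructed sample: trimmed `aws lambda list-functions` output, two functions on one role.
SAMPLE_FUNCTIONS = [
    {"FunctionName": "order-processor", "Role": ROLE + "shared-lambda-role"},
    {"FunctionName": "report-mailer", "Role": ROLE + "shared-lambda-role"},
    {"FunctionName": "image-resizer", "Role": ROLE + "image-resizer-role"},
]

if __name__ == "__main__":
    print(json.dumps(function_permissions_policy("order-processor", "Orders"), indent=2))
    print("broad policy:", *audit_policy(BROAD_POLICY), sep="\n  ")
    print("shared roles:", shared_roles(SAMPLE_FUNCTIONS))
```

To apply the generated documents, write them to files and pass them to `aws iam create-role --role-name order-processor-lambda-role --assume-role-policy-document file://trust.json` followed by `aws iam put-role-policy --role-name order-processor-lambda-role --policy-name order-processor-access --policy-document file://perms.json`. To audit a deployed function, feed the `PolicyDocument` from `aws iam get-role-policy` into `audit_policy`, and the `Functions` array from `aws lambda list-functions` into `shared_roles`. The audit is deliberately a cheap first pass: it does not expand attached managed policies (fetch those with `aws iam list-attached-role-policies` and `aws iam get-policy-version`) and it does not evaluate conditions, so treat an empty result as "nothing obvious" rather than "least privilege proven".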

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0

Similar Skills

DevOps & Infrastructure Featured

performing-serverless-function-security-review

Performing security reviews of serverless functions across AWS Lambda, Azure Functions, and GCP Cloud Functions to identify overly permissive execution roles, insecure environment variables, injection vulnerabilities, and missing runtime protections.

12,642 Updated today
mukul975
DevOps & Infrastructure Featured

securing-aws-lambda-execution-roles

Securing AWS Lambda execution roles by implementing least-privilege IAM policies, applying permission boundaries, restricting resource-based policies, using IAM Access Analyzer to validate permissions, and enforcing role scoping through SCPs.

12,642 Updated today
mukul975
DevOps & Infrastructure Listed

aws-lambda-security

Security audit for AWS Lambda functions including IAM role least privilege, environment variable encryption (KMS), Function URLs vs API Gateway, VPC config, layer usage, container image scanning, X-Ray and logs PII, cold start state, async invocation handling, and Lambda-specific patterns across Node, Python, Go, Java runtimes. Use this skill whenever the user mentions AWS Lambda, lambda function, IAM role, Function URL, API Gateway + Lambda, Lambda layer, SAM, CDK Lambda, Serverless Framework, or asks "audit my Lambda", "Lambda security review", "Lambda IAM". Trigger when the codebase contains `serverless.yml`, `template.yaml` (SAM), `cdk.json`, or Lambda handler patterns.

1 Updated 6 days ago
hlsitechio
DevOps & Infrastructure Featured

detecting-serverless-function-injection

Detects and prevents code injection attacks targeting serverless functions (AWS Lambda, Azure Functions, Google Cloud Functions) through event source poisoning, malicious layer injection, runtime command execution, and IAM privilege escalation via function modification. The analyst combines static analysis of function code, CloudTrail event correlation, runtime behavior monitoring, and IAM policy auditing to identify injection vectors across the expanded serverless attack surface including API Gateway, S3, SQS, DynamoDB Streams, and CloudWatch event triggers. Activates for requests involving Lambda security assessment, serverless injection detection, function event poisoning analysis, or serverless privilege escalation investigation.

12,642 Updated today
mukul975
AI & Automation Featured

securing-aws-iam-permissions

This skill guides practitioners through hardening AWS Identity and Access Management configurations to enforce least privilege access across cloud accounts. It covers IAM policy scoping, permission boundaries, Access Analyzer integration, and credential rotation strategies to reduce the blast radius of compromised identities.

12,642 Updated today
mukul975