Hacking Bloghttps://hack.com.cy/notes/cloud/aws/lambda/Recent content on Hacking BlogHugoenBasic Lambda Enumeration Cheet Sheethttps://hack.com.cy/notes/cloud/aws/lambda/lambda/Thu, 21 Aug 2025 00:00:00 +0000https://hack.com.cy/notes/cloud/aws/lambda/lambda/<h3 id="-list-all-lambda-functions"><strong>. List All Lambda Functions</strong></h3> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">aws lambda list-functions --region <span class="o">[</span>region<span class="o">]</span> </span></span></code></pre></div><blockquote> <p>Shows names, runtimes, ARNs, and last modified dates.</p> </blockquote> <hr> <h3 id="2-get-detailed-info-on-a-function"><strong>2. Get Detailed Info on a Function</strong></h3> <h4 id="a-get-full-function-config-iam-role-runtime-env-vars-etc">a. Get full function config (IAM role, runtime, env vars, etc.)</h4> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">aws lambda get-function-configuration --function-name <span class="o">[</span><span class="k">function</span>-name<span class="o">]</span> </span></span></code></pre></div><h4 id="b-get-code-download-url--deployment-details">b. Get code download URL + deployment details</h4> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> aws lambda get-function --function-name <span class="o">[</span><span class="k">function</span>-name<span class="o">]</span> </span></span></code></pre></div><blockquote> <p>Returns a pre-signed S3 URL to download the function code.</p> </blockquote> <hr> <h3 id="3-check-invocation-access"><strong>3. Check Invocation Access</strong></h3> <h4 id="a-whowhat-can-invoke-the-function-resource-based-policy">a. Who/what can invoke the function (resource-based policy)?</h4> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">aws lambda get-policy --function-name <span class="o">[</span><span class="k">function</span>-name<span class="o">]</span> </span></span></code></pre></div><blockquote> <p>Look for <code>&quot;Principal&quot;: &quot;*&quot;</code> or cross-account permissions.</p>