

@ericpardee
Created June 4, 2024 23:55
check for aws creds in lambda
import subprocess
import json
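def list_lambda_functions():
    """Return the names of the Lambda functions visible to the AWS CLI.

    Runs ``aws lambda list-functions`` with whatever profile and region the
    CLI is currently configured for, so functions in other regions or
    accounts are not part of the result.

    Returns:
        list[str]: Function names, split on whitespace from the CLI's text
        output.

    Raises:
        subprocess.CalledProcessError: If the CLI exits with a non-zero
            status.
    """
    # check=True: without it a failed call leaves stdout empty, which is
    # indistinguishable from "no functions" and would make the audit report
    # a clean result it never actually verified.
    completed = subprocess.run(
        [
            'aws', 'lambda', 'list-functions',
            '--query', 'Functions[*].FunctionName',
            '--output', 'text',
        ],
        stdout=subprocess.PIPE,
        check=True,
    )
    return completed.stdout.decode('utf-8').split()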
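def get_environment_variables(function_name):
    """Fetch the configured environment variables of one Lambda function.

    Runs ``aws lambda get-function-configuration`` without a qualifier, so
    only the unqualified configuration is inspected; published versions and
    aliases are not queried here.

    The returned mapping holds the variables' plaintext values. Callers
    should inspect it in memory and avoid printing or logging it.

    Args:
        function_name: Name of the function to query.

    Returns:
        dict | None: The ``Environment.Variables`` mapping, or ``None`` when
        the CLI prints JSON ``null`` for that query.

    Raises:
        subprocess.CalledProcessError: If the CLI exits with a non-zero
            status.
        json.JSONDecodeError: If the CLI output is not valid JSON.
    """
    # check=True surfaces an access or throttling failure as an explicit
    # error instead of an opaque JSON decode error on empty output.
    completed = subprocess.run(
        [
            'aws', 'lambda', 'get-function-configuration',
            '--function-name', function_name,
            '--query', 'Environment.Variables',
            '--output', 'json',
        ],
        stdout=subprocess.PIPE,
        check=True,
    )
    return json.loads(completed.stdout.decode('utf-8').strip())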
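def check_for_aws_credentials(env_vars):
    """Report whether an environment mapping appears to hold AWS credentials.

    A variable is flagged when either:

    * its name contains ``AWS_ACCESS_KEY_ID``, ``AWS_SECRET_ACCESS_KEY`` or
      ``AWS_SESSION_TOKEN``, compared case-insensitively, or
    * its value has the common shape of an AWS access key ID: 20 upper-case
      alphanumeric characters starting with ``AKIA`` or ``ASIA``.

    This is a heuristic. A secret access key or other token stored under an
    unrelated name is not detected, so a ``False`` result does not prove the
    configuration is free of secrets.

    Args:
        env_vars: Mapping of variable name to value; ``None`` or an empty
            mapping is treated as "nothing to flag".

    Returns:
        bool: ``True`` if any variable matches, otherwise ``False``.
    """
    if not env_vars:
        return False

    name_markers = (
        'AWS_ACCESS_KEY_ID',
        'AWS_SECRET_ACCESS_KEY',
        'AWS_SESSION_TOKEN',
    )
    key_id_prefixes = ('AKIA', 'ASIA')

    for key, value in env_vars.items():
        # Names are compared upper-cased so variants such as
        # "my_aws_secret_access_key" are not missed.
        upper_key = key.upper()
        if any(marker in upper_key for marker in name_markers):
            return True

        # Values are only shape-checked and never printed or returned, so
        # the check itself cannot leak the secret into output.
        if (
            isinstance(value, str)
            and len(value) == 20
            and value.startswith(key_id_prefixes)
            and value.isalnum()
            and value == value.upper()
        ):
            return True

    return False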
def main():
    """Audit every listed Lambda function and print the ones that are flagged.

    Only function names are printed. The environment variable values that
    were fetched are never written to the output.
    """
    flagged = []
    for name in list_lambda_functions():
        variables = get_environment_variables(name)
        # Functions with no configured environment yield a falsy value.
        if not variables:
            continue
        if check_for_aws_credentials(variables):
            flagged.append(name)

    if not flagged:
        print("No Lambda functions found with AWS credentials in environment variables.")
        return

    print("Lambda functions with AWS credentials in environment variables:")
    for name in flagged:
        print(f"- {name}")
# Run the audit only when executed as a script, not when imported.
if __name__ == "__main__":
    main()