Lambda
LeakLambda is an AWS Lambda layer capable of running LeakSignal inside a Lambda function with support for all Lambda runtimes on the x86_64 architecture. LeakLambda gives you complete control over the usual matching, redaction, blocking, and early returns for your Lambda functions input and output.
Installation
LeakLambda can be installed two ways:
Installation via ARN
If your function is in one of the supported regions, installing LeakLambda is as simple as clicking Add a Layer in your Lambda function then specifying one of the following ARNs
| Region | ARN |
|---|---|
| us-east-1 | arn:aws:lambda:us-east-1:829300478952:layer:leaklambda:6 |
| us-east-2 | arn:aws:lambda:us-east-2:829300478952:layer:leaklambda:5 |
| us-west-1 | arn:aws:lambda:us-west-1:829300478952:layer:leaklambda:45 |
| us-west-2 | arn:aws:lambda:us-west-2:829300478952:layer:leaklambda:6 |
| ap-south-1 | arn:aws:lambda:ap-south-1:829300478952:layer:leaklambda:4 |
| ap-northeast-3 | arn:aws:lambda:ap-northeast-3:829300478952:layer:leaklambda:4 |
| ap-northeast-2 | arn:aws:lambda:ap-northeast-2:829300478952:layer:leaklambda:4 |
| ap-southeast-1 | arn:aws:lambda:ap-southeast-1:829300478952:layer:leaklambda:4 |
| ap-southeast-2 | arn:aws:lambda:ap-southeast-2:829300478952:layer:leaklambda:4 |
| ap-northeast-1 | arn:aws:lambda:ap-northeast-1:829300478952:layer:leaklambda:4 |
| ca-central-1 | arn:aws:lambda:ca-central-1:829300478952:layer:leaklambda:4 |
| eu-central-1 | arn:aws:lambda:eu-central-1:829300478952:layer:leaklambda:4 |
| eu-west-1 | arn:aws:lambda:eu-west-1:829300478952:layer:leaklambda:4 |
| eu-west-2 | arn:aws:lambda:eu-west-2:829300478952:layer:leaklambda:4 |
| eu-west-3 | arn:aws:lambda:eu-west-3:829300478952:layer:leaklambda:4 |
| eu-north-1 | arn:aws:lambda:eu-north-1:829300478952:layer:leaklambda:4 |
| sa-east-1 | arn:aws:lambda:sa-east-1:829300478952:layer:leaklambda:4 |
Creating your own custom layer
If you are outside the supported regions then you can create your own layer using our LeakLambda zip file hosted on S3. Simply download the zip file, go to Lambda > Layers, click Create Layer, and upload the zip file. From there all you have to do is add the layer to your function.
Setup
Once you've installed LeakLambda, you need to set up the following environment variables:
AWS_LAMBDA_EXEC_WRAPPER: Must be set to/opt/leaklambdaor the extension will not work.LEAKLAMBDA_UPSTREAM: The host that LeakLambda will use when talking to command. Optional. Defaults tohttps://ingestion.app.leaksignal.com.LEAKLAMBDA_API_KEY: The API key that LeakLambda will use when talking to command. Optional. The provided value will be encrypted at rest with the default Lambda service key.
And thats it! When your Lambda function runs it will look and act just like a normal Leaksignal node in command.
Limitations
ARM64 support
It is possible to build an ARM64 version of LeakLambda, although we do not currently provide binaries for this. If you require ARM64 support, please reach out to let us know and we will prioritize it!
Container image function support
LeakLambda makes use of some special quirks in how zip functions work in AWS Lambda to proxy the input and output. Because of this, functionality in a container image function is not guaranteed. If this is your use case, you may want to look into some of the other tools we provide.
Proxying other traffic
LeakLambda is only capable of proxying the /next and /response endpoints in the Lambda API. So any custom traffic generated by your Lambda function will NOT be proxied.