LeakLambda is an AWS Lambda layer capable of running LeakSignal inside a Lambda function with support for all Lambda runtimes on the x86_64 architecture. LeakLambda gives you complete control over the usual matching, redaction, blocking, and early returns for your Lambda functions input and output.
LeakLambda can be installed two ways:
Installation via ARN
If your function is in one of the supported regions, installing LeakLambda is as simple as clicking
Add a Layer in your Lambda function then specifying one of the following ARNs
Creating your own custom layer
If you are outside the supported regions then you can create your own layer using our LeakLambda zip file hosted on S3. Simply download the zip file, go to
Create Layer, and upload the zip file. From there all you have to do is add the layer to your function.
Once you've installed LeakLambda, you need to set up the following environment variables:
AWS_LAMBDA_EXEC_WRAPPER: Must be set to
/opt/leaklambdaor the extension will not work.
LEAKLAMBDA_UPSTREAM: The host that LeakLambda will use when talking to command. Optional. Defaults to
LEAKLAMBDA_API_KEY: The API key that LeakLambda will use when talking to command. Optional. The provided value will be encrypted at rest with the default Lambda service key.
And thats it! When your Lambda function runs it will look and act just like a normal Leaksignal node in command.
It is possible to build an ARM64 version of LeakLambda, although we do not currently provide binaries for this. If you require ARM64 support, please reach out to let us know and we will prioritize it!
Container image function support
LeakLambda makes use of some special quirks in how zip functions work in AWS Lambda to proxy the input and output. Because of this, functionality in a container image function is not guaranteed. If this is your use case, you may want to look into some of the other tools we provide.
Proxying other traffic
LeakLambda is only capable of proxying the
/response endpoints in the Lambda API. So any custom traffic generated by your Lambda function will NOT be proxied.