DocsRelease Notes

./HAVOC Lambda Functions

Details about AWS Lambda functions created in a ./HAVOC deployment

Suggest Edits

When creating a new ./HAVOC deployment, a series of AWS Lambda functions are created in your AWS account. Below is a list of the Lambda functions and their environment variables.

The Terraform configuration file that is used to create the lambda functions is available here: https://github.com/havocsh/havoc/blob/main/havoc_deploy/aws/terraform/lambdas.tf

AWS Lambda Functions

authorizer

  • Runtime: Python 3.8
  • Timeout: 60 seconds
  • Source code: https://github.com/havocsh/havoc/tree/main/havoc_control_api/authorizer
  • Deployment package: Local zip package of source code at build/authorizer.zip.
  • Handler: lambda_function.lambda_handler
  • Role: Assumes the ${var.deployment_name}-lambda-role IAM Role created during deployment.
  • Environment Variables:
    • DEPLOYMENT_NAME: Value from var.deployment_name.
    • API_DOMAIN_NAME: Constructed from var.deployment_name and var.domain_name if var.enable_domain_name is true; otherwise null.

manage

  • Runtime: Python 3.8
  • Timeout: 60 seconds
  • Source code: https://github.com/havocsh/havoc/tree/main/havoc_control_api/manage
  • Deployment package: Local zip package of source code at build/manage.zip.
  • Handler: lambda_function.lambda_handler
  • Role: Assumes the ${var.deployment_name}-lambda-role IAM Role created during deployment.
  • Environment Variables:
    • DEPLOYMENT_NAME: Value from var.deployment_name.
    • VPC_ID: ID for VPC created during ./HAVOC deployment.
    • SUBNET_0: ID of the deployment_subnet_0 subnet created during deployment.
    • SUBNET_1: ID of the deployment_subnet_1 subnet created during deployment.
    • SECURITY_GROUP: ID of the ${var.deployment_name}-listener-lb-default security group created during deployment.
    • ROLE_ARN: ARN of the ${var.deployment_name}-trigger-executor-role IAM role created during deployment.
    • TRIGGER_EXECUTOR_ARN: ARN of the ${var.deployment_name}-trigger-executor Lambda function created during deployment.

playbook_operator_control

  • Runtime: Python 3.8
  • Timeout: 300 seconds (5 minutes)
  • Source code: https://github.com/havocsh/havoc/tree/main/havoc_control_api/playbook_operator_control
  • Deployment package: Local zip package of source code at build/playbook_operator_control.zip.
  • Handler: lambda_function.lambda_handler
  • Role: Assumes the ${var.deployment_name}-lambda-role IAM Role created during deployment.
  • Environment Variables:
    • DEPLOYMENT_NAME: Value from var.deployment_name.
    • SUBNET: ID of the deployment_subnet_0 subnet created during deployment.

playbook_operator_result

  • Runtime: Python 3.8
  • Timeout: 60 seconds
  • Source code: https://github.com/havocsh/havoc/tree/main/havoc_control_api/playbook_operator_result
  • Deployment package: Local zip package of source code at build/playbook_operator_result.zip.
  • Handler: lambda_function.lambda_handler
  • Role: Assumes the ${var.deployment_name}-lambda-role IAM Role created during deployment.
  • Environment Variables:
    • DEPLOYMENT_NAME: Value from var.deployment_name.
    • ENABLE_PLAYBOOK_RESULTS_LOGGING: Value from var.enable_playbook_results_logging.
    • RESULTS_QUEUE_EXPIRATION: Value from var.results_queue_expiration.

remote_task

  • Runtime: Python 3.8
  • Timeout: 60 seconds
  • Source code: https://github.com/havocsh/havoc/tree/main/havoc_control_api/remote_task
  • Deployment package: Local zip package of source code at build/remote_task.zip.
  • Handler: lambda_function.lambda_handler
  • Role: Assumes the ${var.deployment_name}-lambda-role IAM Role created during deployment.
  • Environment Variables:
    • DEPLOYMENT_NAME: Value from var.deployment_name.
    • ENABLE_TASK_RESULTS_LOGGING: Value from var.enable_playbook_results_logging.
    • RESULTS_QUEUE_EXPIRATION: Value from var.results_queue_expiration.

task_control

  • Runtime: Python 3.8
  • Timeout: 60 seconds
  • Source code: https://github.com/havocsh/havoc/tree/main/havoc_control_api/task_control
  • Deployment package: Local zip package of source code at build/task_control.zip.
  • Handler: lambda_function.lambda_handler
  • Role: Assumes the ${var.deployment_name}-lambda-role IAM Role created during deployment.
  • Environment Variables:
    • DEPLOYMENT_NAME: Value from var.deployment_name.
    • SUBNET: ID of the deployment_subnet_0 subnet created during deployment.
    • SECURITY_GROUP: ID of the ${var.deployment_name}-tasks-default security group created during deployment.

task_result

  • Runtime: Python 3.8
  • Timeout: 60 seconds
  • Source code: https://github.com/havocsh/havoc/tree/main/havoc_control_api/task_result
  • Deployment package: Local zip package of source code at build/task_result.zip.
  • Handler: lambda_function.lambda_handler
  • Role: Assumes the ${var.deployment_name}-lambda-role IAM Role created during deployment.
  • Environment Variables:
    • DEPLOYMENT_NAME: Value from var.deployment_name.
    • ENABLE_TASK_RESULTS_LOGGING: Value from var.enable_playbook_results_logging.
    • RESULTS_QUEUE_EXPIRATION: Value from var.results_queue_expiration.

trigger_executor

  • Runtime: Python 3.8
  • Timeout: 900 seconds (15 minutes)
  • Source code: https://github.com/havocsh/havoc/tree/main/havoc_control_api/trigger_executor
  • Deployment package: Local zip package of source code at build/trigger_executor.zip.
  • Handler: lambda_function.lambda_handler
  • Role: Assumes the ${var.deployment_name}-lambda-role IAM Role created during deployment.
  • Environment Variables:
    • DEPLOYMENT_NAME: Value from var.deployment_name.
    • RESULTS_QUEUE_EXPIRATION: Value from var.results_queue_expiration.

workspace_access_get

  • Runtime: Python 3.8
  • Timeout: 60 seconds
  • Source code: https://github.com/havocsh/havoc/tree/main/havoc_control_api/workspace_access_get
  • Deployment package: Local zip package of source code at build/workspace_access_get.zip.
  • Handler: lambda_function.lambda_handler
  • Role: Assumes the ${var.deployment_name}-workspace-access-get-lambda-role IAM Role created during deployment.
  • Environment Variables:
    • DEPLOYMENT_NAME: Value from var.deployment_name.

workspace_access_put

  • Runtime: Python 3.8
  • Timeout: 60 seconds
  • Source code: https://github.com/havocsh/havoc/tree/main/havoc_control_api/workspace_access_put
  • Deployment package: Local zip package of source code at build/workspace_access_put.zip.
  • Handler: lambda_function.lambda_handler
  • Role: Assumes the${var.deployment_name}-workspace-access-put-lambda-role IAM Role created during deployment.
  • Environment Variables:
    • DEPLOYMENT_NAME: Value from var.deployment_name.

AWS Lambda Permissions

  • Permissions are defined to allow various AWS services to invoke the Lambda functions. These services include API Gateway, CloudWatch, and AWS Events.
  • The source ARNs and principals are defined per permission, ensuring that only the specified services can invoke the Lambda functions.

Updated 7 months ago