{"id":22477182,"url":"https://github.com/base2services/aws-lambda-tls-version-check","last_synced_at":"2025-06-11T14:34:03.350Z","repository":{"id":145343619,"uuid":"255365773","full_name":"base2Services/aws-lambda-tls-version-check","owner":"base2Services","description":null,"archived":false,"fork":false,"pushed_at":"2023-10-26T23:42:52.000Z","size":9,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-02-01T20:46:17.927Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/base2Services.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-04-13T15:26:37.000Z","updated_at":"2023-10-26T02:34:41.000Z","dependencies_parsed_at":null,"dependency_job_id":"6581d099-7f86-4cae-a748-1ba5999dbe10","html_url":"https://github.com/base2Services/aws-lambda-tls-version-check","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/base2Services%2Faws-lambda-tls-version-check","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/base2Services%2Faws-lambda-tls-version-check/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/base2Services%2Faws-lambda-tls-version-check/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/base2Services%2Faws-lambda-tls-version-check/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/base2Services","download_url":"https://codeload.github.com/base2Services/aws-lambda-tls-version-check/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245897307,"owners_count":20690455,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-06T14:09:46.386Z","updated_at":"2025-03-27T17:44:15.064Z","avatar_url":"https://github.com/base2Services.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Lambda TLS version check\n\nLambda function to check tls versions of a `host:port` endpoint\n\nOptionally, it can record metrics to CloudWatch.\n\n## Inputs\n\nAll inputs are either defined as environment variables or as part of event data. Event data\nwill take priority over environment variables\n\n`HOSTNAME` - hostname to be checked\n\n`PORT` - http method to use, defaults to 443\n\n`CHECK_MAX_SUPPORTED` - run the check for the max supported version and returns the version as a int [`1 SSLv2`, `2 SSLv3`, `3 TLSv1`, `4 TLSv1.1`, `5 TLSv1.2`]\n\n`PROTOCOLS` - list of protocols to check, defaults to `['SSLv2','SSLv3','TLSv1','TLSv1.1','TLSv1.2']` returns 0 if not support and 1 if it is\n\n`REPORT_AS_CW_METRICS` - set to 1 if you wish to store reported data as CW\ncustom metrics, 0 otherwise, defaults to 1\n\n`CW_METRICS_NAMESPACE` - if CW custom metrics are being reported, this will determine\ntheir namespace, defaults to 'TcpPortCheck'\n\n## Outputs\n\nBy default, following properties will be rendered in output Json\n\n`MaxVersion` - tls version as an int \n  - `1` =\u003e `SSLv2`\n  - `2` =\u003e `SSLv3`\n  - `3` =\u003e `TLSv1`\n  - `4` =\u003e `TLSv1.1`\n  - `5` =\u003e `TLSv1.2`\n\nAdditionally each TLS version checked will have it's own metric pushed with a value of `0` meaning not supported and `1` meaning supported\n\nexample\n\n```json\n{\"MaxVersion\":5,\"SSLv2\":0,\"SSLv3\":0,\"TLSv1\":1,\"TLSv1.1\":1,\"TLSv1.2\":1}\n```\n\n## Dependencies\n\nLambda function is having no external dependencies by design, so no additional packaging steps are required\nfor deploying it, such as doing `pip install [libname]`\n\n## CloudWatch Metrics\n\nIn order to get some metrics which you can alert on, `REPORT_AS_CW_METRICS` and `CW_METRICS_NAMESPACE` environment\nvariables are used. Following metrics will be reported\n\n- `TLSVersion` - the TLS version as a float \n\n## Deployment\n\nYou can either deploy Lambda manually or using [AWS SAM](https://aws.amazon.com/serverless/sam/).\n\n\n### AWS SAM\n\nMake sure you have set up your AWS credentials in your environment and an available s3 bucket in the same region.\n\n```sh\nsam package --template-file template.yaml --output-template-file packaged.yaml --s3-bucket ${BUCKET}\nsam deploy --template-file packaged.yaml --stack-name http-check --capabilities CAPABILITY_IAM\n```\n\n## Testing\n\n### AWS SAM\n\nbuild the code change\n\n```\nsam build\n```\n\nexecute the test\n\n```sh\nsam local invoke Check --event test/google.json \n```\n\n## Schedule execution\n\nschedules can be added manually or through the SAM template using cloudwatch scheduled events\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbase2services%2Faws-lambda-tls-version-check","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbase2services%2Faws-lambda-tls-version-check","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbase2services%2Faws-lambda-tls-version-check/lists"}