Skip to main content
Help the Python Software Foundation raise $60,000 USD by December 31st!  Building the PSF Q4 Fundraiser

No project description provided

Project description


Serverless Security Library for Developers. Regain Control over Your Serverless Runtime.

How FunctionShield helps With Serverless Security?

  • By monitoring (or blocking) outbound network traffic from your function, you can be certain that your data is never leaked
  • By disabling read/write operations on the /tmp/ directory, you can make your function truly ephemeral
  • By disabling the ability to launch child processes, you can make sure that no rogue processes are spawned without your knowledge by potentially malicious packages
  • By disabling the ability to read the function’s (handler) source code through the file system, you can prevent handler source code leakage, which is oftentimes the first step in a serverless attack

Supports AWS Lambda and Google Cloud Functions

Get a free token

Please visit:


$ pip install function-shield

Super simple to use

import function_shield

    "policy": {
        # 'block' mode => active blocking
        # 'alert' mode => log only
        # 'allow' mode => allowed, implicitly occurs if key does not exist
        "outbound_connectivity": "block",
        "read_write_tmp": "block",
        "create_child_process": "block",
        "read_handler": "block"
    "token": os.environ['FUNCTION_SHIELD_TOKEN']

def handler(event, context):
    # Your Code Here #

Logging & Security Visibility

FunctionShield logs are sent directly to your function’s AWS CloudWatch log group. Here are a few sample logs, demonstrating the log format you should expect:

// Log example #1:
    "function_shield": true,
    "policy": "outbound_connectivity",
    "details": {
        "host": ""
    "mode": "alert"

// Log example #2:
    "function_shield": true,
    "policy": "read_write_tmp",
    "details": {
        "path": "/tmp/node-alert"
    "mode": "alert"

// Log example #3:
    "function_shield": true,
    "policy": "create_child_process",
    "details": {
        "path": "/bin/sh"
    "mode": "block"

// Log example #4:
   "function_shield": true,
   "policy": "read_handler",
   "details": {
       "path": "/var/task/handler.js"
   "mode": "alert"

Custom Security Policy (whitelisting)

Custom security policy is only supported with the PureSec SSRE full product.

Get PureSec

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for function-shield, version 1.2.4
Filename, size File type Python version Upload date Hashes
Filename, size function_shield-1.2.4-py2.py3-none-any.whl (73.7 kB) File type Wheel Python version py2.py3 Upload date Hashes View
Filename, size function-shield-1.2.4.tar.gz (72.6 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page