Skip to main content

Synopsis

kosli snapshot lambda ENVIRONMENT-NAME [flags]
Report a snapshot of artifacts deployed as one or more AWS Lambda functions and their digests to Kosli.
Skip --function-names and --function-names-regex to report all functions in a given AWS account. Or use --exclude and/or --exclude-regex to report all functions excluding some. To authenticate to AWS, you can either:
  1. provide the AWS static credentials via flags or by exporting the equivalent KOSLI env vars (e.g. KOSLI_AWS_KEY_ID)
  2. export the AWS env vars (e.g. AWS_ACCESS_KEY_ID).
  3. Use a shared config/credentials file under the $HOME/.aws
Option 1 takes highest precedence, while option 3 is the lowest.
More details can be found here: https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-credentials

Flags

FlagDescription
—aws-key-id stringThe AWS access key ID.
—aws-region stringThe AWS region.
—aws-secret-key stringThe AWS secret access key.
-D, —dry-run[optional] Run in dry-run mode. When enabled, no data is sent to Kosli and the CLI exits with 0 exit code regardless of any errors.
—exclude strings[optional] The comma-separated list of AWS Lambda function names to be excluded. Cannot be used together with —function-names
—exclude-regex strings[optional] The comma-separated list of name regex patterns for AWS Lambda functions to be excluded. Cannot be used together with —function-names. Allowed regex patterns are described in https://github.com/google/re2/wiki/Syntax
—function-names strings[optional] The comma-separated list of AWS Lambda function names to be reported. Cannot be used together with —exclude or —exclude-regex.
—function-names-regex strings[optional] The comma-separated list of AWS Lambda function names regex patterns to be reported. Cannot be used together with —exclude or —exclude-regex.
-h, —helphelp for lambda

Flags inherited from parent commands

FlagDescription
-a, —api-token stringThe Kosli API token.
-c, —config-file string[optional] The Kosli config file path. (default “kosli”)
—debug[optional] Print debug logs to stdout. A boolean flag docs (default false)
-H, —host string[defaulted] The Kosli endpoint. (default “https://app.kosli.com”)
—http-proxy string[optional] The HTTP proxy URL including protocol and port number. e.g. ‘http://proxy-server-ip:proxy-port
-r, —max-api-retries int[defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)
—org stringThe Kosli organization.

Examples Use Cases

These examples all assume that the flags --api-token, --org, --host, (and --flow, --trail when required), are set/provided. 
export AWS_REGION=yourAWSRegion
export AWS_ACCESS_KEY_ID=yourAWSAccessKeyID
export AWS_SECRET_ACCESS_KEY=yourAWSSecretAccessKey

kosli snapshot lambda yourEnvironmentName 


export AWS_REGION=yourAWSRegion
export AWS_ACCESS_KEY_ID=yourAWSAccessKeyID
export AWS_SECRET_ACCESS_KEY=yourAWSSecretAccessKey

kosli snapshot lambda yourEnvironmentName 
    --exclude function1,function2 
	--exclude-regex "^not-wanted.*" 


export AWS_REGION=yourAWSRegion
export AWS_ACCESS_KEY_ID=yourAWSAccessKeyID
export AWS_SECRET_ACCESS_KEY=yourAWSSecretAccessKey

kosli snapshot lambda yourEnvironmentName 
	--function-names yourFunctionName 


export AWS_REGION=yourAWSRegion
export AWS_ACCESS_KEY_ID=yourAWSAccessKeyID
export AWS_SECRET_ACCESS_KEY=yourAWSSecretAccessKey

kosli snapshot lambda yourEnvironmentName 
	--function-names-regex yourFunctionNameRegexPattern 


export AWS_REGION=yourAWSRegion
export AWS_ACCESS_KEY_ID=yourAWSAccessKeyID
export AWS_SECRET_ACCESS_KEY=yourAWSSecretAccessKey

kosli snapshot lambda yourEnvironmentName 
	--function-names yourFirstFunctionName,yourSecondFunctionName 


kosli snapshot lambda yourEnvironmentName 
	--function-names yourFunctionName 
	--aws-key-id yourAWSAccessKeyID 
	--aws-secret-key yourAWSSecretAccessKey 
	--aws-region yourAWSRegion
Last modified on March 10, 2026