Friday, June 17, 2022
HomeHackerLambdaGuard - AWS Serverless Safety

LambdaGuard – AWS Serverless Safety




AWS Lambda is an event-driven, serverless computing platform offered by Amazon Internet Providers. It’s a computing service that runs code in response to occasions and robotically manages the computing sources required by that code.

LambdaGuard is an AWS Lambda auditing instrument designed to create asset visibility and supply actionable outcomes. It supplies a significant overview when it comes to statistical evaluation, AWS service dependencies and configuration checks from the safety perspective.

Necessities

  • Python 3.6+
  • Java 11 (elective for SonarQube)

Set up

From PyPI

From Github

git clone https://github.com/Skyscanner/lambdaguard
cd lambdaguard
sudo make set up

AWS Entry

You will want a set of AWS entry keys and permissions to run LambdaGuard.

Create a profile in ~/.aws/credentials with the newly created keys.

[LambdaGuardProfile]
aws_access_key_id = ...
aws_secret_access_key = ...

Alternatively, you should utilize the keys immediately as CLI arguments (not really helpful).

Run

  • lambdaguard --help
  • lambdaguard --function arn:aws:lambda:perform
  • lambdaguard --input function-arns.txt
  • lambdaguard --output /tmp/lambdaguard
  • lambdaguard --profile LambdaGuardProfile
  • lambdaguard --keys ACCESS_KEY_ID SECRET_ACCESS_KEY
  • lambdaguard --region eu-west-1
  • lambdaguard --verbose

SonarQube: Static Code Evaluation

Obtain sonar-scanner-cli

Construct SonarQube

Use SonarQube

  • lambdaguard --sonarqube config.json

Config ought to have the next format:

{
"command": "sonar-scanner -X",
"url": "http://localhost:9000",
"login": "admin",
"password": "admin"
}

Growth

make -B clear
make dev
. dev/bin/activate
make install-dev
make check



RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Recent Comments