Skip to content

puresec/lambda-config-rules

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

src

src

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

template.yaml

template.yaml

 
 

Repository files navigation

AWS SAM Application with 4 Config Rules to validate that your AWS Lambda functions follow security best practices

  1. Detects functions created through console
  2. Detects functions with shared IAM role
  3. Detects functions with multiple triggers
  4. Detects functions with wildcard action permissions

Deployment Instructions

Install dependencies

npm install --prefix src/

Create deployment bucket

aws s3 mb s3://DEPLOYMENT_BUCKET_NAME --region YOUR_REGION_NAME

Package your application

aws cloudformation package \
   --template-file template.yaml \
   --output-template-file template-packaged.yaml \
   --s3-bucket DEPLOYMENT_BUCKET_NAME

Deploy config rules

aws cloudformation deploy \
   --region YOUR_REGION_NAME
   --template-file template-packaged.yaml \
   --stack-name lambda-config-rules \
   --capabilities CAPABILITY_IAM \
   `# optionally add FunctionShield token to enable protection of custom rules lambda functions (http://bit.ly/2AaBJ3x)` \
   --parameter-overrides FunctionShieldToken=YOUR_FUNCTION_SHIELD_TOKEN

About

4 AWS Config rules that will boost your AWS Lambda security posture. Created as a companion to the AWS Config blog post by PureSec.

www.puresec.io/blog/aws-security-best-practices-config-rules-lambda-security

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

17 stars

Watchers

5 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages